DLP Policy Violation
Low
False Positive
ALR-00096 · 2026-05-22T13:42:48Z
Description
DLP policy violation: user 'm.taylor' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-001.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:42:48
Event ingested by SOC365 Engine
13:42:52
EmilyAI triage started — correlation enrichment
13:43:00
EmilyAI confidence: 94% — escalated to human analyst
13:43:28
Alert assigned to analyst: EmilyAI (auto)
13:45:37
Investigation started — querying SIEM and threat intelligence
13:49:46
Containment action taken — endpoint isolated
13:57:02
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00232 | 8m ago | DLP Policy Violation | High | Investigating | WS-PC-001 |
| ALR-00078 | 7h ago | Unusual Outbound Traffic | Low | Investigating | WS-PC-001 |
| ALR-00203 | 10h ago | Tor Exit Node Connection | Informational | False Positive | WS-PC-001 |
| ALR-00019 | 12h ago | DLP Policy Violation | Low | Resolved | WS-PC-003 |
| ALR-00422 | 14h ago | Rogue DHCP Server | Medium | Investigating | WS-PC-001 |