DLP Policy Violation
Low
False Positive
ALR-00119 · 2026-07-11T15:27:36Z
Description
DLP policy violation: user 'j.smith' attempted to email 3 files classified as 'Confidential' to external address from FW-EDGE-01.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:27:36
Event ingested by SOC365 Engine
15:27:40
EmilyAI triage started — correlation enrichment
15:27:49
EmilyAI confidence: 97% — escalated to human analyst
15:27:59
Alert assigned to analyst: EmilyAI (auto)
15:30:29
Investigation started — querying SIEM and threat intelligence
15:35:48
Containment action taken — endpoint isolated
15:46:48
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00163 | 14h ago | DLP Policy Violation | Low | Escalated | SRV-APP-01 |
| ALR-00301 | 20h ago | DecoyPulse Honeypot Triggered | Low | Resolved | FW-EDGE-01 |
| ALR-00037 | 1d ago | DLP Policy Violation | Low | Resolved | WS-PC-001 |
| ALR-00292 | 1d ago | Insider Threat Indicator | High | Investigating | FW-EDGE-01 |
| ALR-00055 | 1d ago | DLP Policy Violation | Low | Investigating | WS-LAP-011 |