Shadow IT Discovery
Low
Open
ALR-00120 · 2026-07-07T15:07:43Z
Description
DecoyPulse discovered unauthorised SaaS application (file sharing) used by 's.jones'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:07:43
Event ingested by SOC365 Engine
15:07:44
EmilyAI triage started — correlation enrichment
15:07:48
EmilyAI confidence: 89% — escalated to human analyst
15:07:58
Alert assigned to analyst: EmilyAI (auto)
15:09:09
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00286 | 14h ago | Pass-the-Hash Detected | Low | Investigating | WS-LAP-011 |
| ALR-00062 | 15h ago | Suspicious Scheduled Task | Informational | Resolved | WS-LAP-011 |
| ALR-00492 | 17h ago | Suspicious Scheduled Task | Low | Escalated | WS-LAP-011 |
| ALR-00377 | 1d ago | Shadow IT Discovery | Low | Resolved | WS-PC-001 |
| ALR-00256 | 1d ago | Brute Force SSH | Informational | Investigating | WS-LAP-011 |