Shadow IT Discovery
Medium
Resolved
ALR-00129 · 2026-07-10T09:36:01Z
Description
DLP Module discovered unauthorised SaaS application (file sharing) used by 'k.brown'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:36:01
Event ingested by SOC365 Engine
09:36:02
EmilyAI triage started — correlation enrichment
09:36:11
EmilyAI confidence: 95% — escalated to human analyst
09:36:31
Alert assigned to analyst: Anika Patel
09:38:49
Investigation started — querying SIEM and threat intelligence
09:43:58
Containment action taken — endpoint isolated
09:53:13
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00257 | 5h ago | Shadow IT Discovery | Low | Escalated | SRV-SQL-01 |
| ALR-00076 | 12h ago | Shadow IT Discovery | Medium | Open | WS-MAC-005 |
| ALR-00385 | 13h ago | Lateral Movement Detected | Informational | Investigating | WS-MAC-005 |
| ALR-00132 | 1d ago | Shadow IT Discovery | Informational | False Positive | SRV-DC-01 |
| ALR-00291 | 1d ago | Unauthorised USB Device | Medium | False Positive | WS-MAC-005 |