DLP Policy Violation
High
Open
ALR-00133 · 2026-07-08T19:36:07Z
Description
DLP policy violation: user 'a.wilson' attempted to email 3 files classified as 'Confidential' to external address from WS-LAP-011.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:36:07
Event ingested by SOC365 Engine
19:36:10
EmilyAI triage started — correlation enrichment
19:36:15
EmilyAI confidence: 84% — escalated to human analyst
19:36:28
Alert assigned to analyst: Marcus Webb
19:38:21
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00336 | 6h ago | Unusual Outbound Traffic | Medium | Investigating | WS-LAP-011 |
| ALR-00049 | 10h ago | DLP Policy Violation | Informational | False Positive | WS-MAC-005 |
| ALR-00272 | 13h ago | Certificate Anomaly | Low | Open | WS-LAP-011 |
| ALR-00362 | 22h ago | Certificate Anomaly | High | Escalated | WS-LAP-011 |
| ALR-00076 | 1d ago | Brute Force SSH | Low | Resolved | WS-LAP-011 |