DLP Policy Violation
Low
False Positive
ALR-00151 · 2026-07-05T21:48:16Z
Description
DLP policy violation: user 'm.taylor' attempted to email 3 files classified as 'Confidential' to external address from SRV-WEB-01.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
21:48:16
Event ingested by SOC365 Engine
21:48:21
EmilyAI triage started — correlation enrichment
21:48:30
EmilyAI confidence: 92% — escalated to human analyst
21:48:51
Alert assigned to analyst: EmilyAI (auto)
21:50:40
Investigation started — querying SIEM and threat intelligence
21:55:34
Containment action taken — endpoint isolated
22:04:48
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00236 | 1h ago | Ransomware Behaviour Detected | Medium | Resolved | SRV-WEB-01 |
| ALR-00266 | 5h ago | Anomalous DNS Query | High | Escalated | SRV-WEB-01 |
| ALR-00423 | 10h ago | Certificate Anomaly | Medium | Open | SRV-WEB-01 |
| ALR-00223 | 11h ago | Certificate Anomaly | Informational | Escalated | SRV-WEB-01 |
| ALR-00063 | 18h ago | DLP Policy Violation | Low | Open | WS-LAP-010 |