DLP Policy Violation
Medium
False Positive
ALR-00152 · 2026-05-24T13:00:43Z
Description
DLP policy violation: user 'f.hall' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-002.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
| Time | Event |
|---|---|
| 13:00:43 | Event ingested by SOC365 Engine |
| 13:00:45 | EmilyAI triage started — correlation enrichment |
| 13:00:49 | EmilyAI confidence: 92% — escalated to human analyst |
| 13:01:17 | Alert assigned to analyst: Anika Patel |
| 13:02:53 | Investigation started — querying SIEM and threat intelligence |
| 13:07:45 | Containment action taken — endpoint isolated |
| 13:12:30 | Alert resolved — remediation complete |

Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00054 | 4h ago | DLP Policy Violation | Critical | Open | FW-EDGE-01 |
| ALR-00479 | 5h ago | Kerberoasting Attempt | Medium | False Positive | WS-PC-002 |
| ALR-00431 | 6h ago | DLP Policy Violation | Low | Investigating | SRV-APP-01 |
| ALR-00342 | 13h ago | Rogue DHCP Server | Low | Escalated | WS-PC-002 |
| ALR-00425 | 19h ago | DLP Policy Violation | Medium | Investigating | AP-WIFI-03 |