DLP Policy Violation
Informational
Resolved
ALR-00162 · 2026-07-10T22:03:58Z
Description
DLP policy violation: user 'd.walker' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-004.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:03:58
Event ingested by SOC365 Engine
22:04:03
EmilyAI triage started — correlation enrichment
22:04:03
EmilyAI confidence: 82% — escalated to human analyst
22:04:29
Alert assigned to analyst: EmilyAI (auto)
22:06:20
Investigation started — querying SIEM and threat intelligence
22:07:31
Containment action taken — endpoint isolated
22:19:25
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00367 | 7h ago | DLP Policy Violation | Medium | Investigating | SRV-SQL-01 |
| ALR-00184 | 22h ago | DLP Policy Violation | High | Investigating | WS-PC-003 |
| ALR-00115 | 1d ago | Privilege Escalation Attempt | Low | Resolved | WS-PC-004 |
| ALR-00291 | 1d ago | DLP Policy Violation | Medium | Escalated | SRV-DC-01 |
| ALR-00392 | 1d ago | DLP Policy Violation | Informational | Open | SRV-DC-01 |