DLP Policy Violation
Low
Escalated
ALR-00163 · 2026-07-11T05:01:49Z
Description
DLP policy violation: user 'k.brown' attempted to email 3 files classified as 'Confidential' to external address from SRV-APP-01.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
05:01:49
Event ingested by SOC365 Engine
05:01:54
EmilyAI triage started — correlation enrichment
05:02:03
EmilyAI confidence: 94% — escalated to human analyst
05:02:27
Alert assigned to analyst: EmilyAI (auto)
05:03:05
Investigation started — querying SIEM and threat intelligence
05:06:21
Containment action taken — endpoint isolated
05:18:02
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00180 | 6m ago | Data Exfiltration Attempt | Low | Resolved | SRV-APP-01 |
| ALR-00119 | 4h ago | DLP Policy Violation | Low | False Positive | FW-EDGE-01 |
| ALR-00447 | 7h ago | Kerberoasting Attempt | Low | Escalated | SRV-APP-01 |
| ALR-00169 | 12h ago | Data Exfiltration Attempt | Medium | Escalated | SRV-APP-01 |
| ALR-00391 | 17h ago | Malware Signature Match | Informational | Investigating | SRV-APP-01 |