DLP Policy Violation
Medium
Open
ALR-00190 · 2026-05-25T12:46:19Z
Description
DLP policy violation: user 'k.brown' attempted to email 3 files classified as 'Confidential' to external address from WS-MAC-005.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
12:46:19
Event ingested by SOC365 Engine
12:46:21
EmilyAI triage started — correlation enrichment
12:46:26
EmilyAI confidence: 79% — escalated to human analyst
12:46:35
Alert assigned to analyst: Emma Richardson
12:48:12
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00063 | 4h ago | DLP Policy Violation | Low | Escalated | SRV-SQL-01 |
| ALR-00470 | 5h ago | DLP Policy Violation | Medium | False Positive | SRV-WEB-01 |
| ALR-00303 | 9h ago | Suspicious PowerShell Execution | Informational | Resolved | WS-MAC-005 |
| ALR-00412 | 12h ago | DecoyPulse Honeypot Triggered | Medium | Investigating | WS-MAC-005 |
| ALR-00076 | 13h ago | Ransomware Behaviour Detected | Medium | Investigating | WS-MAC-005 |