Shadow IT Discovery
Medium
Investigating
ALR-00190 · 2026-05-24T19:05:07Z
Description
SOC365 Engine discovered unauthorised SaaS application (file sharing) used by 'p.thomas'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:05:07
Event ingested by SOC365 Engine
19:05:09
EmilyAI triage started — correlation enrichment
19:05:21
EmilyAI confidence: 82% — escalated to human analyst
19:05:49
Alert assigned to analyst: James Okonkwo
19:07:35
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00125 | 2h ago | Shadow IT Discovery | Low | Resolved | SRV-BACKUP-01 |
| ALR-00023 | 6h ago | Shadow IT Discovery | Informational | Resolved | SRV-FILE-01 |
| ALR-00258 | 10h ago | Shadow IT Discovery | Informational | Investigating | SRV-BACKUP-01 |
| ALR-00417 | 11h ago | Shadow IT Discovery | Low | False Positive | WS-LAP-011 |
| ALR-00002 | 18h ago | Shadow IT Discovery | Low | False Positive | WS-LAP-012 |