Shadow IT Discovery
Informational
Escalated
ALR-00220 · 2026-07-08T13:44:34Z
Description
Firewall discovered unauthorised SaaS application (file sharing) used by 'j.smith'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:44:34
Event ingested by SOC365 Engine
13:44:37
EmilyAI triage started — correlation enrichment
13:44:48
EmilyAI confidence: 82% — escalated to human analyst
13:45:06
Alert assigned to analyst: EmilyAI (auto)
13:46:38
Investigation started — querying SIEM and threat intelligence
13:52:31
Containment action taken — endpoint isolated
13:58:30
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00438 | 46m ago | DLP Policy Violation | Medium | Open | SRV-DC-01 |
| ALR-00412 | 5h ago | Brute Force SSH | Low | Open | SRV-DC-01 |
| ALR-00170 | 7h ago | C2 Beacon Activity | Low | Investigating | SRV-DC-01 |
| ALR-00092 | 12h ago | Rogue DHCP Server | Low | Investigating | SRV-DC-01 |
| ALR-00132 | 15h ago | Insider Threat Indicator | Low | Investigating | SRV-DC-01 |