Shadow IT Discovery
Low
Escalated
ALR-00229 · 2026-07-11T11:02:18Z
Description
DecoyPulse discovered unauthorised SaaS application (file sharing) used by 'c.williams'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:02:18
Event ingested by SOC365 Engine
11:02:20
EmilyAI triage started — correlation enrichment
11:02:28
EmilyAI confidence: 84% — escalated to human analyst
11:02:44
Alert assigned to analyst: EmilyAI (auto)
11:04:20
Investigation started — querying SIEM and threat intelligence
11:10:08
Containment action taken — endpoint isolated
11:17:31
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00352 | 3h ago | Kerberoasting Attempt | Low | Open | WS-PC-002 |
| ALR-00451 | 7h ago | Shadow IT Discovery | Low | Open | WS-PC-002 |
| ALR-00417 | 8h ago | Anomalous DNS Query | High | Open | WS-PC-002 |
| ALR-00320 | 8h ago | Insider Threat Indicator | Critical | Escalated | WS-PC-002 |
| ALR-00342 | 13h ago | DecoyPulse Honeypot Triggered | Medium | False Positive | WS-PC-002 |