DLP Policy Violation
Low
Escalated
ALR-00233 · 2026-07-07T23:24:24Z
Description
DLP policy violation: user 'system' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-002.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:24:24
Event ingested by SOC365 Engine
23:24:25
EmilyAI triage started — correlation enrichment
23:24:29
EmilyAI confidence: 82% — escalated to human analyst
23:25:03
Alert assigned to analyst: EmilyAI (auto)
23:25:28
Investigation started — querying SIEM and threat intelligence
23:29:40
Containment action taken — endpoint isolated
23:34:59
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00494 | 9h ago | DLP Policy Violation | Critical | Investigating | SW-CORE-01 |
| ALR-00067 | 13h ago | DLP Policy Violation | Medium | Investigating | WS-LAP-012 |
| ALR-00256 | 14h ago | DecoyPulse Honeypot Triggered | Informational | False Positive | WS-PC-002 |
| ALR-00005 | 14h ago | DecoyPulse Honeypot Triggered | Medium | False Positive | WS-PC-002 |
| ALR-00131 | 16h ago | Suspicious Scheduled Task | Medium | Investigating | WS-PC-002 |