DLP Policy Violation
Medium
Resolved
ALR-00257 · 2026-07-10T06:20:00Z
Description
DLP policy violation: user 'h.roberts' attempted to email 3 files classified as 'Confidential' to external address from WS-LAP-010.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
06:20:00
Event ingested by SOC365 Engine
06:20:02
EmilyAI triage started — correlation enrichment
06:20:11
EmilyAI confidence: 88% — escalated to human analyst
06:20:24
Alert assigned to analyst: Emma Richardson
06:22:04
Investigation started — querying SIEM and threat intelligence
06:26:30
Containment action taken — endpoint isolated
06:36:50
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00416 | 2h ago | DecoyPulse Honeypot Triggered | Low | Escalated | WS-LAP-010 |
| ALR-00451 | 11h ago | Port Scan Detected | Medium | False Positive | WS-LAP-010 |
| ALR-00159 | 19h ago | Rogue DHCP Server | High | Investigating | WS-LAP-010 |
| ALR-00498 | 22h ago | DLP Policy Violation | Low | Escalated | WS-LAP-011 |
| ALR-00397 | 1d ago | Brute Force SSH | Low | Investigating | WS-LAP-010 |