Shadow IT Discovery
Medium
Resolved
ALR-00270 · 2026-07-07T23:09:12Z
Description
SOC365 Engine discovered unauthorised SaaS application (file sharing) used by 'a.wilson'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:09:12
Event ingested by SOC365 Engine
23:09:16
EmilyAI triage started — correlation enrichment
23:09:21
EmilyAI confidence: 96% — escalated to human analyst
23:09:35
Alert assigned to analyst: Emma Richardson
23:11:00
Investigation started — querying SIEM and threat intelligence
23:18:39
Containment action taken — endpoint isolated
23:26:06
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00227 | 3h ago | Credential Stuffing Attempt | Informational | Open | SRV-SQL-01 |
| ALR-00018 | 6h ago | Shadow IT Discovery | Low | Escalated | SRV-MAIL-01 |
| ALR-00454 | 9h ago | Malware Signature Match | High | Open | SRV-SQL-01 |
| ALR-00463 | 10h ago | C2 Beacon Activity | High | Open | SRV-SQL-01 |
| ALR-00269 | 11h ago | DLP Policy Violation | Informational | False Positive | SRV-SQL-01 |