DLP Policy Violation
Medium
Resolved
ALR-00286 · 2026-04-10T02:52:03Z
Description
DLP policy violation: user 'n.clark' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-002.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
| Time | Event |
|---|---|
| 02:52:03 | Event ingested by SOC365 Engine |
| 02:52:06 | EmilyAI triage started — correlation enrichment |
| 02:52:15 | EmilyAI confidence: 89% — escalated to human analyst |
| 02:52:20 | Alert assigned to analyst: Sarah Chen |
| 02:54:35 | Investigation started — querying SIEM and threat intelligence |
| 02:57:30 | Containment action taken — endpoint isolated |
| 03:02:06 | Alert resolved — remediation complete |
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00197 | 43m ago | Shadow IT Discovery | Low | Resolved | WS-PC-002 |
| ALR-00122 | 4h ago | DLP Policy Violation | Medium | Investigating | WS-LAP-011 |
| ALR-00213 | 12h ago | DLP Policy Violation | High | Investigating | WS-MAC-005 |
| ALR-00138 | 15h ago | Failed MFA Challenge | Informational | Resolved | WS-PC-002 |
| ALR-00100 | 17h ago | Brute Force SSH | Medium | Resolved | WS-PC-002 |