Shadow IT Discovery
High
Investigating
ALR-00327 · 2026-07-09T01:32:16Z
Description
Firewall discovered unauthorised SaaS application (file sharing) used by 'r.davies'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
01:32:16
Event ingested by SOC365 Engine
01:32:21
EmilyAI triage started — correlation enrichment
01:32:22
EmilyAI confidence: 82% — escalated to human analyst
01:32:50
Alert assigned to analyst: Sarah Chen
01:34:45
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00203 | 51m ago | Shadow IT Discovery | Medium | Resolved | SRV-FILE-01 |
| ALR-00080 | 1h ago | Failed MFA Challenge | Low | Resolved | SW-CORE-01 |
| ALR-00165 | 7h ago | Shadow IT Discovery | Informational | Resolved | WS-LAP-010 |
| ALR-00494 | 9h ago | DLP Policy Violation | Critical | Investigating | SW-CORE-01 |
| ALR-00227 | 10h ago | Shadow IT Discovery | Low | Resolved | SRV-BACKUP-01 |