Shadow IT Discovery
Low
Resolved
ALR-00332 · 2026-07-06T02:31:13Z
Description
Email Gateway discovered unauthorised SaaS application (file sharing) used by 'l.johnson'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
02:31:13
Event ingested by SOC365 Engine
02:31:17
EmilyAI triage started — correlation enrichment
02:31:22
EmilyAI confidence: 96% — escalated to human analyst
02:31:39
Alert assigned to analyst: EmilyAI (auto)
02:33:22
Investigation started — querying SIEM and threat intelligence
02:40:31
Containment action taken — endpoint isolated
02:47:03
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00203 | 51m ago | Shadow IT Discovery | Medium | Resolved | SRV-FILE-01 |
| ALR-00165 | 7h ago | Shadow IT Discovery | Informational | Resolved | WS-LAP-010 |
| ALR-00330 | 7h ago | Phishing Email Blocked | Informational | Open | WS-PC-003 |
| ALR-00342 | 9h ago | Certificate Anomaly | Low | Resolved | WS-PC-003 |
| ALR-00227 | 10h ago | Shadow IT Discovery | Low | Resolved | SRV-BACKUP-01 |