Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:06:25 UTC

Shadow IT Discovery

Low Escalated
ALR-00337 · 2026-05-27T14:19:09Z

Description

Attack Surface Scanner discovered unauthorised SaaS application (file sharing) used by 'l.johnson'. 14GB of company data synced to unapproved cloud storage.

Alert Metadata

Alert ID: ALR-00337
Timestamp: 2026-05-27T14:19:09Z
Severity: Low
Status: Escalated
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: l.johnson
Source IP: 45.86.148.184
Destination IP: 10.1.2.73
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Exfiltration
Technique: T1567
Reference: attack.mitre.org/techniques/T1567

Investigation Timeline

14:19:09 Event ingested by SOC365 Engine
14:19:12 EmilyAI triage started — correlation enrichment
14:19:14 EmilyAI confidence: 97% — escalated to human analyst
14:19:35 Alert assigned to analyst: EmilyAI (auto)
14:21:15 Investigation started — querying SIEM and threat intelligence
14:25:59 Containment action taken — endpoint isolated
14:29:18 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00494 | 6h ago | Shadow IT Discovery | Informational | False Positive | SRV-MAIL-01
ALR-00258 | 6h ago | Port Scan Detected | Informational | Resolved | SRV-BACKUP-01
ALR-00370 | 11h ago | Pass-the-Hash Detected | Informational | Escalated | SRV-BACKUP-01
ALR-00108 | 12h ago | Shadow IT Discovery | Informational | Escalated | VM-DEV-01
ALR-00064 | 15h ago | Phishing Email Blocked | High | Investigating | SRV-BACKUP-01