DLP Policy Violation
Informational
Investigating
ALR-00371 · 2026-07-05T00:06:35Z
Description
DLP policy violation: user 'l.johnson' attempted to email 3 files classified as 'Confidential' to external address from SRV-DC-01.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:06:35
Event ingested by SOC365 Engine
00:06:39
EmilyAI triage started — correlation enrichment
00:06:43
EmilyAI confidence: 80% — escalated to human analyst
00:06:50
Alert assigned to analyst: EmilyAI (auto)
00:09:14
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00287 | 38m ago | Certificate Anomaly | Informational | Resolved | SRV-DC-01 |
| ALR-00466 | 1h ago | Privilege Escalation Attempt | High | Escalated | SRV-DC-01 |
| ALR-00390 | 3h ago | C2 Beacon Activity | Low | Open | SRV-DC-01 |
| ALR-00379 | 5h ago | DLP Policy Violation | Informational | Open | SRV-WEB-01 |
| ALR-00203 | 5h ago | Unusual Outbound Traffic | High | Open | SRV-DC-01 |