DLP Policy Violation
High
Investigating
ALR-00372 · 2026-05-23T05:13:17Z
Description
DLP policy violation: user 'a.wilson' attempted to email 3 files classified as 'Confidential' to external address from SRV-WEB-01.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
05:13:17
Event ingested by SOC365 Engine
05:13:20
EmilyAI triage started — correlation enrichment
05:13:31
EmilyAI confidence: 78% — escalated to human analyst
05:13:51
Alert assigned to analyst: James Okonkwo
05:14:02
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00054 | 4h ago | DLP Policy Violation | Critical | Open | FW-EDGE-01 |
| ALR-00431 | 6h ago | DLP Policy Violation | Low | Investigating | SRV-APP-01 |
| ALR-00338 | 7h ago | Certificate Anomaly | Low | Escalated | SRV-WEB-01 |
| ALR-00193 | 12h ago | Brute Force SSH | Low | Investigating | SRV-WEB-01 |
| ALR-00425 | 19h ago | DLP Policy Violation | Medium | Investigating | AP-WIFI-03 |