Shadow IT Discovery
Low
Escalated
ALR-00385 · 2026-07-11T15:01:33Z
Description
Network IDS discovered unauthorised SaaS application (file sharing) used by 'd.walker'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:01:33
Event ingested by SOC365 Engine
15:01:34
EmilyAI triage started — correlation enrichment
15:01:42
EmilyAI confidence: 94% — escalated to human analyst
15:02:16
Alert assigned to analyst: EmilyAI (auto)
15:03:44
Investigation started — querying SIEM and threat intelligence
15:05:28
Containment action taken — endpoint isolated
15:19:03
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00168 | 5h ago | Shadow IT Discovery | Critical | Escalated | SW-CORE-01 |
| ALR-00112 | 6h ago | Shadow IT Discovery | Critical | Escalated | WS-PC-006 |
| ALR-00407 | 18h ago | Shadow IT Discovery | Informational | False Positive | WS-LAP-010 |
| ALR-00202 | 19h ago | Credential Stuffing Attempt | Medium | Resolved | SRV-WEB-01 |
| ALR-00218 | 20h ago | Privilege Escalation Attempt | Informational | Escalated | SRV-WEB-01 |