DLP Policy Violation
Low
Resolved
ALR-00395 · 2026-07-04T22:21:06Z
Description
DLP policy violation: user 'r.davies' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-006.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:21:06
Event ingested by SOC365 Engine
22:21:11
EmilyAI triage started — correlation enrichment
22:21:12
EmilyAI confidence: 92% — escalated to human analyst
22:21:27
Alert assigned to analyst: EmilyAI (auto)
22:23:22
Investigation started — querying SIEM and threat intelligence
22:29:29
Containment action taken — endpoint isolated
22:40:08
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00319 | 2h ago | DLP Policy Violation | Informational | Investigating | WS-LAP-010 |
| ALR-00221 | 11h ago | Malware Signature Match | Low | Investigating | WS-PC-006 |
| ALR-00172 | 19h ago | Rogue DHCP Server | Medium | Escalated | WS-PC-006 |
| ALR-00357 | 22h ago | Ransomware Behaviour Detected | Low | False Positive | WS-PC-006 |
| ALR-00045 | 22h ago | DLP Policy Violation | Low | False Positive | SRV-SQL-01 |