Phishing Email Blocked
High
Escalated
ALR-00399 · 2026-07-05T07:31:07Z
Description
Phishing email targeting 'l.johnson@company.co.uk' blocked by DLP Module. Payload: credential harvesting link mimicking Microsoft 365 login.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
07:31:07
Event ingested by SOC365 Engine
07:31:09
EmilyAI triage started — correlation enrichment
07:31:20
EmilyAI confidence: 89% — escalated to human analyst
07:31:52
Alert assigned to analyst: Anika Patel
07:33:18
Investigation started — querying SIEM and threat intelligence
07:38:13
Containment action taken — endpoint isolated
07:48:26
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00412 | 5h ago | Unauthorised USB Device | Medium | Investigating | FW-EDGE-01 |
| ALR-00161 | 6h ago | Unusual Outbound Traffic | High | Open | FW-EDGE-01 |
| ALR-00119 | 10h ago | Malware Signature Match | High | Investigating | FW-EDGE-01 |
| ALR-00477 | 12h ago | Unauthorised USB Device | Medium | Open | FW-EDGE-01 |
| ALR-00017 | 1d ago | Kerberoasting Attempt | Informational | False Positive | FW-EDGE-01 |