Shadow IT Discovery
Medium
Investigating
ALR-00405 · 2026-07-10T18:14:05Z
Description
Attack Surface Scanner discovered unauthorised SaaS application (file sharing) used by 'j.smith'. 14GB of company data synced to unapproved cloud storage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
18:14:05
Event ingested by SOC365 Engine
18:14:07
EmilyAI triage started — correlation enrichment
18:14:14
EmilyAI confidence: 98% — escalated to human analyst
18:14:25
Alert assigned to analyst: Marcus Webb
18:15:23
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00103 | 4h ago | Insider Threat Indicator | Medium | Open | FW-EDGE-01 |
| ALR-00065 | 9h ago | Shadow IT Discovery | Low | Escalated | WS-LAP-011 |
| ALR-00376 | 11h ago | Shadow IT Discovery | Medium | Resolved | SRV-BACKUP-01 |
| ALR-00071 | 12h ago | Shadow IT Discovery | Informational | Open | SRV-FILE-01 |
| ALR-00284 | 16h ago | Shadow IT Discovery | Informational | Investigating | SRV-SQL-01 |