DLP Policy Violation
Low
Open
ALR-00433 · 2026-07-07T13:35:28Z
Description
DLP policy violation: user 'd.walker' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-001.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:35:28
Event ingested by SOC365 Engine
13:35:31
EmilyAI triage started — correlation enrichment
13:35:42
EmilyAI confidence: 82% — escalated to human analyst
13:36:04
Alert assigned to analyst: EmilyAI (auto)
13:38:23
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00297 | 3h ago | Shadow IT Discovery | Low | Investigating | WS-PC-001 |
| ALR-00367 | 7h ago | DLP Policy Violation | Medium | Investigating | SRV-SQL-01 |
| ALR-00184 | 22h ago | DLP Policy Violation | High | Investigating | WS-PC-003 |
| ALR-00162 | 22h ago | DLP Policy Violation | Informational | Resolved | WS-PC-004 |
| ALR-00389 | 1d ago | Ransomware Behaviour Detected | Medium | Investigating | WS-PC-001 |