DLP Policy Violation
High
Escalated
ALR-00456 · 2026-07-05T22:10:55Z
Description
DLP policy violation: user 'r.davies' attempted to email 3 files classified as 'Confidential' to external address from WS-PC-003.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:10:55
Event ingested by SOC365 Engine
22:10:59
EmilyAI triage started — correlation enrichment
22:11:03
EmilyAI confidence: 80% — escalated to human analyst
22:11:31
Alert assigned to analyst: Sarah Chen
22:13:15
Investigation started — querying SIEM and threat intelligence
22:20:16
Containment action taken — endpoint isolated
22:22:20
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00160 | 7m ago | Suspicious PowerShell Execution | High | Open | WS-PC-003 |
| ALR-00319 | 2h ago | DLP Policy Violation | Informational | Investigating | WS-LAP-010 |
| ALR-00230 | 6h ago | Port Scan Detected | Low | False Positive | WS-PC-003 |
| ALR-00045 | 22h ago | DLP Policy Violation | Low | False Positive | SRV-SQL-01 |
| ALR-00475 | 1d ago | DLP Policy Violation | Low | Escalated | WS-PC-002 |