Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 17:10:48 UTC

Can we adjust DLP policy to exclude HR shared drive?

TKT-0008 Normal In Progress Policy Change
Created By
r.davies
Created
2026-05-14 11:50
Last Updated
2026-05-16 04:20
Assigned Analyst
Sarah Chen
Category
Policy Change
Messages
8

Conversation

r.davies Customer
2026-05-14 11:50
We'd like to request a change to our security policy:

Can we adjust DLP policy to exclude HR shared drive?

Please let us know if this is feasible and what the security implications would be.
Sarah Chen SOC Analyst
2026-05-14 14:53
The alert you referenced (ALR-00023) was generated by our DecoyPulse honeypot system. This has zero false positive rate — the activity is genuine and warrants investigation.
r.davies Customer
2026-05-14 18:50
Thanks. Could you also check if any other accounts were affected?
Sarah Chen SOC Analyst
2026-05-14 20:25
I've checked with our threat intelligence team. The dark web finding is from a third-party breach, not a direct compromise. We recommend enforcing a password reset for the affected account.
r.davies Customer
2026-05-15 00:13
The affected user has confirmed they changed their password. Can you verify MFA is active?
Sarah Chen SOC Analyst
2026-05-15 04:12
The vulnerability has been added to your remediation tracking. Our next scheduled scan is in 48 hours and will verify the patch was applied successfully.
r.davies Customer
2026-05-15 07:16
Understood. Is there anything we need to do on our end in the meantime?
Sarah Chen SOC Analyst
2026-05-15 07:57
I've checked the logs for the time period you mentioned. The activity was flagged by our EmilyAI triage system and has been escalated for manual review.

Reply