Can we adjust DLP policy to exclude HR shared drive?
TKT-0008
Normal
In Progress
Policy Change
- Created By
- r.davies
- Created
- 2026-05-14 11:50
- Last Updated
- 2026-05-16 04:20
- Assigned Analyst
- Sarah Chen
- Category
- Policy Change
- Messages
- 8
Conversation
r.davies
Customer
2026-05-14 11:50
We'd like to request a change to our security policy:
Can we adjust DLP policy to exclude HR shared drive?
Please let us know if this is feasible and what the security implications would be.
Can we adjust DLP policy to exclude HR shared drive?
Please let us know if this is feasible and what the security implications would be.
Sarah Chen
SOC Analyst
2026-05-14 14:53
The alert you referenced (ALR-00023) was generated by our DecoyPulse honeypot system. This has zero false positive rate — the activity is genuine and warrants investigation.
r.davies
Customer
2026-05-14 18:50
Thanks. Could you also check if any other accounts were affected?
Sarah Chen
SOC Analyst
2026-05-14 20:25
I've checked with our threat intelligence team. The dark web finding is from a third-party breach, not a direct compromise. We recommend enforcing a password reset for the affected account.
r.davies
Customer
2026-05-15 00:13
The affected user has confirmed they changed their password. Can you verify MFA is active?
Sarah Chen
SOC Analyst
2026-05-15 04:12
The vulnerability has been added to your remediation tracking. Our next scheduled scan is in 48 hours and will verify the patch was applied successfully.
r.davies
Customer
2026-05-15 07:16
Understood. Is there anything we need to do on our end in the meantime?
Sarah Chen
SOC Analyst
2026-05-15 07:57
I've checked the logs for the time period you mentioned. The activity was flagged by our EmilyAI triage system and has been escalated for manual review.