L1 Analyst
SOC · New York
Triage Queue · CASE-2026-0848
Advisory: CLOSE (88%)

Single-source low-confidence match. Attached file is the published 'Mortgage Servicing Overview' brochure (sha256 matches public CDN). No PII/NPI content. Behavior matches user's prior approved exceptions.

AI Audit Log · 0 entries
No AI calls recorded for this case yet. Triage, narrative, and chat calls will appear here automatically.
SLA Timer: 240m remaining
  1. Triage
  2. Investigation
  3. Resolution

Marketing user emailed brochure to personal address

Low · New
Emma Wilson · Marketing Specialist · Marketing
EMP-2210 · Mgr: Robert Chen · London, UK · Hours: 10:00–19:00 GMT
18 · Low · 7d trend
Collapsed from: DLP×1 · Proxy×0 · SIEM×0
Created: 2026-06-08 09:40 IST
Assignee: unassigned
MITRE T1048 · Exfil / Alt. Protocol

Correlation graph — why these are one case
The pivots (identity, files, destinations, devices) that link every alert in this case. Click any node to drill into other cases that share it.

Identity · File · Destination · Device
No cross-case pivots for this case
EMP-2210 · Emma Wilson · Brochure PDF (public) · emma.w***@gmail.com

Unified incident timeline
All raw alerts in this case merged in chronological order. Click an item to expand the redacted evidence.

DLP Proxy SIEM
08 Jun 2026

AI triage assist · advisory
AI-drafted summary, kill-chain, FP likelihood and citations. Always advisory — analyst must validate before acting.

Case summary

Forcepoint DLP flagged an outbound email to a personal address with a PDF attachment. Content inspection shows a public product brochure — no NPI, already on the public website.

MITRE kill-chain
  1. Apparent Exfil: Public brochure to personal email — benign.
False-positive likelihood
91%
RAG citations
  • SOP-DLP-002 — Benign True Positive disposition §2 brochures/marketing
Similar past cases
  • CASE-2026-0701: Same user, same file — closed BTP

Analyst notes (0)
Free-text observations added by analysts during triage. Visible to L2 on escalation.

No notes yet — add your first observation below.

Case audit timeline
Immutable log of every action on this case — analyst, AI, and integrations. Used for compliance review.

2026-06-08 09:40 IST · ingest · Alert ingested
2026-06-08 09:40 IST · ai-triage · Advisory: CLOSE (88%)
AI output is advisory. QRadar SIEM, Forcepoint DLP, and Forcepoint Proxy remain authoritative source systems. Sensitive values (SSN, account/loan numbers) are redacted before AI processing.