Triage Queue · CASE-2026-0849
Advisory: INVESTIGATE (71%)
Ambiguous: paste-site could be debugging snippet or credential leak. Repo access could be approved cross-team work. Recommend RFI to user's manager.
AI Audit Log · 0 entries
No AI calls recorded for this case yet.
SLA Timer: 90m remaining
1. Triage · 2. Investigation · 3. Resolution
Developer hit paste-site + cross-team repo access
Medium · New · Thomas Müller · Software Engineer II · Platform Engineering
EMP-3380 · Mgr: Sophie Dubois · Frankfurt, DE · Hours: 10:30–19:30 CET
56 · Medium · 7d trend
Collapsed from: DLP×0 · Proxy×1 · SIEM×1
Created: 2026-06-08 09:00 IST
Assignee: unassigned
MITRE T1213 · Data from Info Repositories
MITRE T1567 · Exfil / Web Service
Correlation graph — why these are one case
The pivots (identity, files, destinations, devices) that link every alert in this case.
1 cross-case pivot touches this case.
Unified incident timeline
All raw alerts in this case merged in chronological order.
08 Jun 2026
AI triage assist · advisory
AI-drafted summary, kill-chain, FP likelihood and citations. Always advisory — analyst must validate before acting.
Case summary
Proxy alert for paste-site usage (pastebin) combined with a QRadar offense for repo access outside the user's team. No DLP content match — needs human judgment.
MITRE kill-chain
- 1. Collection (?) — Cross-team repo browse.
- 2. Exfil (?) — pastebin.com paste of unknown content.
False-positive likelihood
45%
RAG citations
- SOP-DEV-008 — Paste-site triage — §1 requires content review
Analyst notes (0)
Free-text observations added by analysts during triage. Visible to L2 on escalation.
Case audit timeline
Immutable log of every action on this case — analyst, AI, and integrations. Used for compliance review.
2026-06-08 09:00 IST · ai-triage · Advisory: INVESTIGATE (71%)
AI output is advisory. QRadar SIEM, Forcepoint DLP, and Forcepoint Proxy remain authoritative source systems. Sensitive values (SSN, account/loan numbers) are redacted before AI processing.