L1
L1 Analyst
SOC · New York
Triage QueueCASE-2026-0855
AdvisoryINVESTIGATE90%

Working as intended: RBAC denied the Reveal. No action needed beyond audit acknowledgment. Consider analyst training if attempts repeat.

Suggested next steps · one-click (advisory)
AI Triage (live)LIVE AI · Gemini Flash PII redacted
Click Generate to call the model. Streams in real time from Lovable AI. Citations like [E1] link to timeline events.
Incident Narrative (live)LIVE AI · Gemini Flash PII redacted
Click Generate to call the model. Streams in real time from Lovable AI. Citations like [E1] link to timeline events.
AI Audit Log0 entries
No AI calls recorded for this case yet. Triage, narrative, and chat calls will appear here automatically.
SLA Timer
180m remaining
Triage
2
Investigation
3
Resolution
JM

Detokenization request DENIED — L1 attempted Reveal on SSN

LowPending Info
James Mitchell · Senior Loan Operations Analyst · Mortgage Servicing
EMP-4471Mgr: Sarah O'BrienNew York, NYHours: 09:30–18:30 EST
Resigned — last working day in 4 days
22
Low
7d trend
Collapsed from
DLP×1Proxy×0SIEM×0
Created2026-06-08 10:42 IST
Assigneeunassigned

Correlation graph — why these are one caseThe pivots (identity, files, destinations, devices) that link every alert in this case. Click any node to drill into other cases that share it.

Open Correlation Explorer
Identity File Destination Device1 cross-case pivot touch this case
L1 AnalystEMP-9001Token VaultTKN-SSN-1234
Click any node to inspect the pivot and other cases that share it.
Drill-down
Click a node in the graph to see its pivot details and any other cases it links to.

Unified incident timelineAll raw alerts in this case merged in chronological order. Click an item to expand the redacted evidence.

DLP Proxy SIEM
08 Jun 2026

AI triage assist · advisoryAI-drafted summary, kill-chain, FP likelihood and citations. Always advisory — analyst must validate before acting.

Case summary

While triaging CASE-2026-0847, L1 analyst clicked Reveal on a masked SSN field. Token vault DENIED the detokenization — Reveal is restricted to L3 Insider Threat, SOC Manager, and Auditor roles. No raw SSN was disclosed. Attempt is captured here for audit + manager review.

MITRE kill-chain
    False-positive likelihood
    95%
    RAG citations
    • RBAC Matrix v2.4 Reveal-PII = L3 / Manager / Auditor only
    • SOP-PRIV-009 — Detokenization audit §3 mandatory review

    Analyst notes (0)Free-text observations added by analysts during triage. Visible to L2 on escalation.

    No notes yet — add your first observation below.

    Case audit timelineImmutable log of every action on this case — analyst, AI, and integrations. Used for compliance review.

    2026-06-08 10:41 ISTtoken-vaultReveal DENIEDTKN-SSN-1234 · role L1 Analyst · source CASE-2026-0847
    2026-06-08 10:41 ISTai-triageAdvisory: INVESTIGATE (90%)Audit + manager acknowledgement only.
    AI output is advisory. QRadar SIEM, Forcepoint DLP, and Forcepoint Proxy remain authoritative source systems. Sensitive values (SSN, account/loan numbers) are redacted before AI processing.