Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:42:06 UTC

Suspicious PowerShell Execution

Informational False Positive
ALR-00004 · 2026-07-10T00:01:41Z

Description

Encoded PowerShell command executed on SW-CORE-01 by user 'a.wilson'. Command attempts to download and execute remote payload. Flagged by Firewall.

Alert Metadata

Alert ID
ALR-00004
Timestamp
2026-07-10T00:01:41Z
Severity
Informational
Status
False Positive
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SW-CORE-01
User Account
a.wilson
Source IP
194.180.62.35
Destination IP
10.3.141.178
Origin Country
CN China

MITRE ATT&CK Mapping

Tactic
Execution
Technique
T1059.001
Reference
attack.mitre.org/techniques/T1059.001

Investigation Timeline

00:01:41 Event ingested by SOC365 Engine
00:01:43 EmilyAI triage started — correlation enrichment
00:01:53 EmilyAI confidence: 84% — escalated to human analyst
00:01:58 Alert assigned to analyst: EmilyAI (auto)
00:03:20 Investigation started — querying SIEM and threat intelligence
00:06:51 Containment action taken — endpoint isolated
00:16:22 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00391 33m ago Suspicious PowerShell Execution Medium Escalated SRV-WEB-01
ALR-00011 6h ago Suspicious PowerShell Execution Informational False Positive SRV-MAIL-01
ALR-00269 8h ago Suspicious PowerShell Execution Low Escalated WS-PC-004
ALR-00331 10h ago Brute Force SSH Informational Escalated SW-CORE-01
ALR-00337 12h ago Certificate Anomaly Low Open SW-CORE-01