Suspicious PowerShell Execution
Informational
False Positive
ALR-00004 · 2026-07-10T00:01:41Z
Description
Encoded PowerShell command executed on SW-CORE-01 by user 'a.wilson'. Command attempts to download and execute remote payload. Flagged by Firewall.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:01:41
Event ingested by SOC365 Engine
00:01:43
EmilyAI triage started — correlation enrichment
00:01:53
EmilyAI confidence: 84% — escalated to human analyst
00:01:58
Alert assigned to analyst: EmilyAI (auto)
00:03:20
Investigation started — querying SIEM and threat intelligence
00:06:51
Containment action taken — endpoint isolated
00:16:22
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00391 | 33m ago | Suspicious PowerShell Execution | Medium | Escalated | SRV-WEB-01 |
| ALR-00011 | 6h ago | Suspicious PowerShell Execution | Informational | False Positive | SRV-MAIL-01 |
| ALR-00269 | 8h ago | Suspicious PowerShell Execution | Low | Escalated | WS-PC-004 |
| ALR-00331 | 10h ago | Brute Force SSH | Informational | Escalated | SW-CORE-01 |
| ALR-00337 | 12h ago | Certificate Anomaly | Low | Open | SW-CORE-01 |