Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:41:13 UTC

Suspicious Scheduled Task

High Investigating
ALR-00011 · 2026-07-06T17:52:28Z

Description

New scheduled task created on WS-MAC-005 by 'r.davies' running encoded batch script at 02:00 daily. No change request on file.

Alert Metadata

Alert ID
ALR-00011
Timestamp
2026-07-06T17:52:28Z
Severity
High
Status
Investigating
Detection Source
Email Gateway
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-MAC-005
User Account
r.davies
Source IP
103.74.216.39
Destination IP
10.3.51.113
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Persistence
Technique
T1053.005
Reference
attack.mitre.org/techniques/T1053.005

Investigation Timeline

17:52:28 Event ingested by SOC365 Engine
17:52:32 EmilyAI triage started — correlation enrichment
17:52:39 EmilyAI confidence: 83% — escalated to human analyst
17:52:58 Alert assigned to analyst: James Okonkwo
17:54:47 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00158 1h ago Malware Signature Match Low Escalated WS-MAC-005
ALR-00416 4h ago Unusual Outbound Traffic Informational Escalated WS-MAC-005
ALR-00339 7h ago Data Exfiltration Attempt Low Escalated WS-MAC-005
ALR-00023 8h ago DLP Policy Violation Medium Resolved WS-MAC-005
ALR-00243 20h ago Suspicious Scheduled Task High Open AP-WIFI-03