Suspicious PowerShell Execution
Informational
False Positive
ALR-00011 · 2026-07-11T11:47:00Z
Description
Encoded PowerShell command executed on SRV-MAIL-01 by user 'd.walker'. Command attempts to download and execute remote payload. Flagged by Dark Web Monitor.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:47:00
Event ingested by SOC365 Engine
11:47:02
EmilyAI triage started — correlation enrichment
11:47:07
EmilyAI confidence: 89% — escalated to human analyst
11:47:42
Alert assigned to analyst: EmilyAI (auto)
11:49:05
Investigation started — querying SIEM and threat intelligence
11:53:30
Containment action taken — endpoint isolated
12:02:05
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00391 | 33m ago | Suspicious PowerShell Execution | Medium | Escalated | SRV-WEB-01 |
| ALR-00127 | 57m ago | Credential Stuffing Attempt | Low | Investigating | SRV-MAIL-01 |
| ALR-00269 | 8h ago | Suspicious PowerShell Execution | Low | Escalated | WS-PC-004 |
| ALR-00171 | 15h ago | Suspicious PowerShell Execution | Informational | False Positive | VM-DEV-01 |
| ALR-00208 | 18h ago | Tor Exit Node Connection | High | Open | SRV-MAIL-01 |