Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Suspicious Scheduled Task

Low · False Positive
ALR-00021 · 2026-05-23T19:00:29Z

Description

New scheduled task created on SRV-DC-01 by 'system' running encoded batch script at 02:00 daily. No change request on file.

Alert Metadata

Alert ID: ALR-00021
Timestamp: 2026-05-23T19:00:29Z
Severity: Low
Status: False Positive
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-DC-01
User Account: system
Source IP: 91.18.195.34
Destination IP: 10.3.234.23
Origin Country: Romania (RO)

MITRE ATT&CK Mapping

Tactic: Persistence
Technique: T1053.005
Reference: attack.mitre.org/techniques/T1053.005

Investigation Timeline

19:00:29 Event ingested by SOC365 Engine
19:00:32 EmilyAI triage started — correlation enrichment
19:00:35 EmilyAI confidence: 92% — escalated to human analyst
19:00:44 Alert assigned to analyst: EmilyAI (auto)
19:02:56 Investigation started — querying SIEM and threat intelligence
19:07:03 Containment action taken — endpoint isolated
19:19:40 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00490 | 49m ago | Suspicious Scheduled Task | Informational | False Positive | SRV-WEB-01
ALR-00197 | 7h ago | Kerberoasting Attempt | Medium | False Positive | SRV-DC-01
ALR-00269 | 14h ago | Data Exfiltration Attempt | Medium | Open | SRV-DC-01
ALR-00312 | 17h ago | Suspicious PowerShell Execution | Low | Investigating | SRV-DC-01
ALR-00468 | 20h ago | Suspicious Scheduled Task | High | Open | SRV-APP-01