Suspicious PowerShell Execution
Low
Resolved
ALR-00022 · 2026-07-10T01:04:49Z
Description
Encoded PowerShell command executed on WS-LAP-010 by user 'k.brown'. Command attempts to download and execute remote payload. Flagged by EmilyAI Triage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
01:04:49
Event ingested by SOC365 Engine
01:04:50
EmilyAI triage started — correlation enrichment
01:05:00
EmilyAI confidence: 90% — escalated to human analyst
01:05:29
Alert assigned to analyst: EmilyAI (auto)
01:05:55
Investigation started — querying SIEM and threat intelligence
01:11:02
Containment action taken — endpoint isolated
01:24:38
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00267 | 1h ago | Suspicious PowerShell Execution | High | Escalated | WS-MAC-005 |
| ALR-00184 | 4h ago | Rogue DHCP Server | High | Investigating | WS-LAP-010 |
| ALR-00225 | 7h ago | Data Exfiltration Attempt | Medium | Investigating | WS-LAP-010 |
| ALR-00392 | 9h ago | Suspicious PowerShell Execution | Medium | Investigating | SRV-FILE-01 |
| ALR-00278 | 13h ago | Rogue DHCP Server | High | Escalated | WS-LAP-010 |