Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:54:02 UTC

Suspicious Scheduled Task

Low False Positive
ALR-00058 · 2026-04-09T01:43:43Z

Description

New scheduled task created on FW-EDGE-01 by 'r.davies' running encoded batch script at 02:00 daily. No change request on file.

Alert Metadata

Alert ID: ALR-00058
Timestamp: 2026-04-09T01:43:43Z
Severity: Low
Status: False Positive
Detection Source: Dark Web Monitor
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: FW-EDGE-01
User Account: r.davies
Source IP: 185.85.220.167
Destination IP: 10.3.159.224
Origin Country: Vietnam (VN)

MITRE ATT&CK Mapping

Tactic: Persistence
Technique: T1053.005
Reference: attack.mitre.org/techniques/T1053.005

Investigation Timeline

01:43:43 Event ingested by SOC365 Engine
01:43:48 EmilyAI triage started — correlation enrichment
01:43:58 EmilyAI confidence: 91% — escalated to human analyst
01:44:23 Alert assigned to analyst: EmilyAI (auto)
01:45:59 Investigation started — querying SIEM and threat intelligence
01:48:52 Containment action taken — endpoint isolated
02:00:46 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity       Status          Host
ALR-00372  2h ago   Tor Exit Node Connection   Medium         Open            FW-EDGE-01
ALR-00168  3h ago   C2 Beacon Activity         Medium         Open            FW-EDGE-01
ALR-00290  4h ago   Shadow IT Discovery        Medium         False Positive  FW-EDGE-01
ALR-00255  9h ago   Suspicious Scheduled Task  Informational  False Positive  SRV-FILE-01
ALR-00025  10h ago  Data Exfiltration Attempt  Medium         Open            FW-EDGE-01