Suspicious Scheduled Task
Medium
Investigating
ALR-00066 · 2026-07-06T22:17:29Z
Description
New scheduled task created on SW-CORE-01 by 'c.williams' running encoded batch script at 02:00 daily. No change request on file.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:17:29
Event ingested by SOC365 Engine
22:17:32
EmilyAI triage started — correlation enrichment
22:17:44
EmilyAI confidence: 94% — escalated to human analyst
22:17:50
Alert assigned to analyst: Anika Patel
22:19:09
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00176 | 4m ago | Suspicious Scheduled Task | Low | Resolved | SW-CORE-01 |
| ALR-00284 | 8h ago | Unauthorised USB Device | High | Open | SW-CORE-01 |
| ALR-00165 | 10h ago | Port Scan Detected | High | Open | SW-CORE-01 |
| ALR-00063 | 16h ago | Anomalous DNS Query | Medium | Resolved | SW-CORE-01 |
| ALR-00357 | 1d ago | Suspicious Scheduled Task | Low | False Positive | SW-CORE-01 |