Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:43:24 UTC

Suspicious Scheduled Task

Medium Investigating
ALR-00066 · 2026-07-06T22:17:29Z

Description

New scheduled task created on SW-CORE-01 by 'c.williams' running encoded batch script at 02:00 daily. No change request on file.

Alert Metadata

Alert ID
ALR-00066
Timestamp
2026-07-06T22:17:29Z
Severity
Medium
Status
Investigating
Detection Source
Attack Surface Scanner
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
SW-CORE-01
User Account
c.williams
Source IP
45.142.148.136
Destination IP
10.3.43.95
Origin Country
NG Nigeria

MITRE ATT&CK Mapping

Tactic
Persistence
Technique
T1053.005
Reference
attack.mitre.org/techniques/T1053.005

Investigation Timeline

22:17:29 Event ingested by SOC365 Engine
22:17:32 EmilyAI triage started — correlation enrichment
22:17:44 EmilyAI confidence: 94% — escalated to human analyst
22:17:50 Alert assigned to analyst: Anika Patel
22:19:09 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00176 4m ago Suspicious Scheduled Task Low Resolved SW-CORE-01
ALR-00284 8h ago Unauthorised USB Device High Open SW-CORE-01
ALR-00165 10h ago Port Scan Detected High Open SW-CORE-01
ALR-00063 16h ago Anomalous DNS Query Medium Resolved SW-CORE-01
ALR-00357 1d ago Suspicious Scheduled Task Low False Positive SW-CORE-01