Phishing Email Blocked
Low
False Positive
ALR-00067 · 2026-07-06T06:55:42Z
Description
Phishing email targeting 'j.smith@company.co.uk' blocked by Email Gateway. Payload: credential harvesting link mimicking Microsoft 365 login.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
06:55:42
Event ingested by SOC365 Engine
06:55:43
EmilyAI triage started — correlation enrichment
06:55:53
EmilyAI confidence: 85% — escalated to human analyst
06:56:02
Alert assigned to analyst: EmilyAI (auto)
06:57:37
Investigation started — querying SIEM and threat intelligence
07:03:49
Containment action taken — endpoint isolated
07:14:50
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00236 | 1h ago | Privilege Escalation Attempt | Informational | False Positive | SRV-APP-01 |
| ALR-00481 | 7h ago | Pass-the-Hash Detected | Informational | Escalated | SRV-APP-01 |
| ALR-00378 | 7h ago | Phishing Email Blocked | High | Escalated | WS-PC-003 |
| ALR-00037 | 13h ago | Unusual Outbound Traffic | Medium | False Positive | SRV-APP-01 |
| ALR-00261 | 18h ago | Privilege Escalation Attempt | Low | Escalated | SRV-APP-01 |