Suspicious Scheduled Task
Low
Escalated
ALR-00067 · 2026-07-11T11:23:30Z
Description
New scheduled task created on WS-PC-004 by 'c.williams' running encoded batch script at 02:00 daily. No change request on file.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:23:30
Event ingested by SOC365 Engine
11:23:34
EmilyAI triage started — correlation enrichment
11:23:45
EmilyAI confidence: 84% — escalated to human analyst
11:23:50
Alert assigned to analyst: EmilyAI (auto)
11:26:25
Investigation started — querying SIEM and threat intelligence
11:30:23
Containment action taken — endpoint isolated
11:35:51
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00147 | 9h ago | Suspicious Scheduled Task | Medium | False Positive | WS-PC-004 |
| ALR-00100 | 10h ago | Suspicious Scheduled Task | Medium | Open | SRV-MAIL-01 |
| ALR-00218 | 15h ago | Privilege Escalation Attempt | Informational | Resolved | WS-PC-004 |
| ALR-00040 | 16h ago | DLP Policy Violation | Low | False Positive | WS-PC-004 |
| ALR-00356 | 1d ago | Credential Stuffing Attempt | Informational | False Positive | WS-PC-004 |