Phishing Email Blocked
Low
False Positive
ALR-00079 · 2026-05-26T13:17:41Z
Description
Phishing email targeting 'j.smith@company.co.uk' blocked by Network IDS. Payload: credential harvesting link mimicking Microsoft 365 login.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:17:41
Event ingested by SOC365 Engine
13:17:46
EmilyAI triage started — correlation enrichment
13:17:52
EmilyAI confidence: 95% — escalated to human analyst
13:18:25
Alert assigned to analyst: EmilyAI (auto)
13:19:08
Investigation started — querying SIEM and threat intelligence
13:23:51
Containment action taken — endpoint isolated
13:33:02
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00458 | 1h ago | C2 Beacon Activity | Informational | Resolved | SRV-MAIL-01 |
| ALR-00309 | 3h ago | Phishing Email Blocked | Medium | Investigating | WS-LAP-012 |
| ALR-00368 | 5h ago | Lateral Movement Detected | Medium | Open | SRV-MAIL-01 |
| ALR-00366 | 19h ago | Phishing Email Blocked | Low | Open | SRV-MAIL-01 |
| ALR-00372 | 1d ago | Phishing Email Blocked | Medium | Escalated | WS-PC-006 |