Interactive Demo. Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:52:34 UTC

Suspicious Scheduled Task

Informational Open
ALR-00085 · 2026-05-26T15:41:58Z

Description

A new scheduled task was created on SRV-MAIL-01 by 'c.williams', running an encoded batch script at 02:00 daily. No change request is on file.

Alert Metadata

Alert ID: ALR-00085
Timestamp: 2026-05-26T15:41:58Z
Severity: Informational
Status: Open
Detection Source: EmilyAI Triage
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-MAIL-01
User Account: c.williams
Source IP: 194.247.62.252
Destination IP: 10.1.134.207
Origin Country: Vietnam (VN)

MITRE ATT&CK Mapping

Tactic: Persistence
Technique: T1053.005
Reference: attack.mitre.org/techniques/T1053.005

Investigation Timeline

15:41:58 Event ingested by SOC365 Engine
15:42:03 EmilyAI triage started — correlation enrichment
15:42:10 EmilyAI confidence: 84% — escalated to human analyst
15:42:27 Alert assigned to analyst: EmilyAI (auto)
15:44:53 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time    Alert                      Severity  Status          Host
ALR-00425  3h ago  Suspicious Scheduled Task  Medium    False Positive  FW-EDGE-01
ALR-00447  5h ago  Malware Signature Match    Low       Resolved        SRV-MAIL-01
ALR-00386  7h ago  Port Scan Detected         Low       Resolved        SRV-MAIL-01
ALR-00406  8h ago  Unauthorised USB Device    Medium    Investigating   SRV-MAIL-01
ALR-00219  9h ago  Suspicious Scheduled Task  Low       Investigating   WS-PC-002