Suspicious PowerShell Execution
Low
Open
ALR-00135 · 2026-07-10T07:20:24Z
Description
Encoded PowerShell command executed on SRV-WEB-01 by user 'e.evans'. Command attempts to download and execute remote payload. Flagged by Firewall.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
07:20:24
Event ingested by SOC365 Engine
07:20:26
EmilyAI triage started — correlation enrichment
07:20:30
EmilyAI confidence: 82% — escalated to human analyst
07:21:00
Alert assigned to analyst: EmilyAI (auto)
07:22:32
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00431 | 16h ago | Suspicious PowerShell Execution | Medium | Resolved | SRV-FILE-01 |
| ALR-00197 | 22h ago | Unusual Outbound Traffic | Low | Open | SRV-WEB-01 |
| ALR-00117 | 1d ago | Suspicious PowerShell Execution | Low | False Positive | WS-LAP-011 |
| ALR-00368 | 1d ago | Rogue DHCP Server | Low | Investigating | SRV-WEB-01 |
| ALR-00128 | 1d ago | Suspicious PowerShell Execution | Low | False Positive | WS-PC-003 |