Phishing Email Blocked

Informational False Positive

ALR-00148 · 2026-04-09T21:40:32Z

Description

Phishing email targeting 'c.williams@company.co.uk' blocked by Attack Surface Scanner. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID: ALR-00148
Timestamp: 2026-04-09T21:40:32Z
Severity: Informational
Status: False Positive
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: FW-EDGE-01
User Account: c.williams
Source IP: 194.173.62.234
Destination IP: 10.3.235.144
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1566.001
Reference: attack.mitre.org/techniques/T1566.001

Investigation Timeline

21:40:32 Event ingested by SOC365 Engine

21:40:33 EmilyAI triage started — correlation enrichment

21:40:38 EmilyAI confidence: 82% — escalated to human analyst

21:40:55 Alert assigned to analyst: EmilyAI (auto)

21:42:53 Investigation started — querying SIEM and threat intelligence

21:47:11 Containment action taken — endpoint isolated

21:54:40 Alert resolved — remediation complete

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00342	7h ago	Data Exfiltration Attempt	Low	Resolved	FW-EDGE-01
ALR-00221	7h ago	Insider Threat Indicator	Medium	Escalated	FW-EDGE-01
ALR-00319	11h ago	Shadow IT Discovery	Medium	Open	FW-EDGE-01
ALR-00217	13h ago	Unusual Outbound Traffic	Low	False Positive	FW-EDGE-01
ALR-00398	17h ago	Phishing Email Blocked	Low	Open	WS-MAC-005