Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:01:05 UTC

Phishing Email Blocked

Informational Open
ALR-00151 · 2026-05-22T15:54:15Z

Description

Phishing email targeting 'j.smith@company.co.uk' blocked by Attack Surface Scanner. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID: ALR-00151
Timestamp: 2026-05-22T15:54:15Z
Severity: Informational
Status: Open
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: FW-EDGE-01
User Account: j.smith
Source IP: 185.167.220.168
Destination IP: 10.1.190.26
Origin Country: Brazil (BR)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1566.001
Reference: attack.mitre.org/techniques/T1566.001

Investigation Timeline

15:54:15 Event ingested by SOC365 Engine
15:54:16 EmilyAI triage started — correlation enrichment
15:54:21 EmilyAI confidence: 86% — escalated to human analyst
15:54:57 Alert assigned to analyst: EmilyAI (auto)
15:55:15 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                     Severity  Status         Host
ALR-00198  2h ago   Phishing Email Blocked    Medium    Escalated      WS-PC-001
ALR-00128  4h ago   Anomalous DNS Query       Low       Resolved       FW-EDGE-01
ALR-00335  4h ago   Shadow IT Discovery       Low       Resolved       FW-EDGE-01
ALR-00222  11h ago  Tor Exit Node Connection  Low       Investigating  FW-EDGE-01
ALR-00303  14h ago  Phishing Email Blocked    Critical  Escalated      WS-PC-002