Suspicious PowerShell Execution
Informational
Escalated
ALR-00168 · 2026-07-07T20:24:00Z
Description
Encoded PowerShell command executed on WS-LAP-012 by user 'm.taylor'. Command attempts to download and execute remote payload. Flagged by SOC365 Engine.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
20:24:00
Event ingested by SOC365 Engine
20:24:02
EmilyAI triage started — correlation enrichment
20:24:11
EmilyAI confidence: 89% — escalated to human analyst
20:24:20
Alert assigned to analyst: EmilyAI (auto)
20:26:47
Investigation started — querying SIEM and threat intelligence
20:32:17
Containment action taken — endpoint isolated
20:41:47
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00222 | 15m ago | Anomalous DNS Query | Medium | Investigating | WS-LAP-012 |
| ALR-00464 | 1h ago | Certificate Anomaly | Low | Escalated | WS-LAP-012 |
| ALR-00109 | 5h ago | DLP Policy Violation | Low | False Positive | WS-LAP-012 |
| ALR-00488 | 12h ago | C2 Beacon Activity | Low | False Positive | WS-LAP-012 |
| ALR-00020 | 13h ago | Unauthorised USB Device | Low | Escalated | WS-LAP-012 |