Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 16:57:30 UTC

Suspicious PowerShell Execution

Medium Resolved
ALR-00198 · 2026-04-10T04:09:33Z

Description

Encoded PowerShell command executed on FW-EDGE-01 by user 'n.clark'. Command attempts to download and execute remote payload. Flagged by DLP Module.

Alert Metadata

Alert ID
ALR-00198
Timestamp
2026-04-10T04:09:33Z
Severity
Medium
Status
Resolved
Detection Source
DLP Module
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
FW-EDGE-01
User Account
n.clark
Source IP
185.215.220.174
Destination IP
10.1.116.188
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Execution
Technique
T1059.001
Reference
attack.mitre.org/techniques/T1059.001

Investigation Timeline

04:09:33 Event ingested by SOC365 Engine
04:09:35 EmilyAI triage started — correlation enrichment
04:09:41 EmilyAI confidence: 87% — escalated to human analyst
04:10:10 Alert assigned to analyst: Sarah Chen
04:10:18 Investigation started — querying SIEM and threat intelligence
04:14:17 Containment action taken — endpoint isolated
04:22:35 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00453 7h ago Data Exfiltration Attempt Medium Resolved FW-EDGE-01
ALR-00049 10h ago Privilege Escalation Attempt Medium Open FW-EDGE-01
ALR-00310 10h ago Tor Exit Node Connection Medium Investigating FW-EDGE-01
ALR-00297 10h ago Malware Signature Match Informational Resolved FW-EDGE-01
ALR-00264 18h ago Suspicious PowerShell Execution Informational Open WS-LAP-011