Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live · 15:20:12 UTC

Suspicious Scheduled Task

Medium · Investigating
ALR-00231 · 2026-04-08T07:36:33Z

Description

New scheduled task created on VM-DEV-01 by 's.jones' running encoded batch script at 02:00 daily. No change request on file.

Alert Metadata

Alert ID: ALR-00231
Timestamp: 2026-04-08T07:36:33Z
Severity: Medium
Status: Investigating
Detection Source: Email Gateway
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: VM-DEV-01
User Account: s.jones
Source IP: 103.174.216.230
Destination IP: 10.1.111.171
Origin Country: India (IN)

MITRE ATT&CK Mapping

Tactic: Persistence
Technique: T1053.005
Reference: attack.mitre.org/techniques/T1053.005

Investigation Timeline

07:36:33 Event ingested by SOC365 Engine
07:36:36 EmilyAI triage started — correlation enrichment
07:36:46 EmilyAI confidence: 91% — escalated to human analyst
07:36:59 Alert assigned to analyst: James Okonkwo
07:37:54 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                          Severity       Status         Host
ALR-00427  10h ago  C2 Beacon Activity             Informational  Escalated      VM-DEV-01
ALR-00221  15h ago  Suspicious Scheduled Task      High           Open           WS-PC-001
ALR-00450  18h ago  Rogue DHCP Server              Medium         Investigating  VM-DEV-01
ALR-00446  1d ago   DecoyPulse Honeypot Triggered  Medium         Escalated      VM-DEV-01
ALR-00188  1d ago   Suspicious Scheduled Task      Medium         Investigating  SRV-BACKUP-01