Suspicious Scheduled Task
Medium
Resolved
ALR-00243 · 2026-05-25T21:00:59Z
Description
New scheduled task created on WS-PC-001 by 'system' running encoded batch script at 02:00 daily. No change request on file.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
21:00:59
Event ingested by SOC365 Engine
21:01:00
EmilyAI triage started — correlation enrichment
21:01:06
EmilyAI confidence: 90% — escalated to human analyst
21:01:40
Alert assigned to analyst: Sarah Chen
21:02:55
Investigation started — querying SIEM and threat intelligence
21:09:58
Containment action taken — endpoint isolated
21:16:51
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00339 | 38m ago | Suspicious PowerShell Execution | Low | Investigating | WS-PC-001 |
| ALR-00070 | 1h ago | Suspicious Scheduled Task | High | Investigating | SRV-BACKUP-01 |
| ALR-00132 | 8h ago | Anomalous DNS Query | Low | Resolved | WS-PC-001 |
| ALR-00067 | 17h ago | Privilege Escalation Attempt | Low | Escalated | WS-PC-001 |
| ALR-00237 | 18h ago | Suspicious Scheduled Task | Low | Escalated | SRV-DC-01 |