Phishing Email Blocked
Informational
False Positive
ALR-00264 · 2026-05-26T00:06:00Z
Description
Phishing email targeting 'system@company.co.uk' blocked by DecoyPulse. Payload: credential harvesting link mimicking Microsoft 365 login.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:06:00
Event ingested by SOC365 Engine
00:06:03
EmilyAI triage started — correlation enrichment
00:06:12
EmilyAI confidence: 83% — escalated to human analyst
00:06:23
Alert assigned to analyst: EmilyAI (auto)
00:07:06
Investigation started — querying SIEM and threat intelligence
00:11:21
Containment action taken — endpoint isolated
00:19:56
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00442 | 5h ago | Phishing Email Blocked | Medium | Escalated | WS-PC-001 |
| ALR-00277 | 10h ago | Anomalous DNS Query | Medium | False Positive | SRV-FILE-01 |
| ALR-00064 | 15h ago | Phishing Email Blocked | High | Investigating | SRV-BACKUP-01 |
| ALR-00015 | 19h ago | Phishing Email Blocked | Medium | Resolved | SRV-MAIL-01 |
| ALR-00135 | 21h ago | Insider Threat Indicator | Informational | Open | SRV-FILE-01 |