Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:02:36 UTC

Phishing Email Blocked

Medium False Positive
ALR-00288 · 2026-05-26T14:55:26Z

Description

Phishing email targeting 'm.taylor@company.co.uk' blocked by Attack Surface Scanner. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID: ALR-00288
Timestamp: 2026-05-26T14:55:26Z
Severity: Medium
Status: False Positive
Detection Source: Attack Surface Scanner
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: FW-EDGE-01
User Account: m.taylor
Source IP: 45.190.148.208
Destination IP: 10.0.88.77
Origin Country: RO Romania

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1566.001
Reference: attack.mitre.org/techniques/T1566.001

Investigation Timeline

14:55:26 Event ingested by SOC365 Engine
14:55:30 EmilyAI triage started — correlation enrichment
14:55:33 EmilyAI confidence: 85% — escalated to human analyst
14:56:09 Alert assigned to analyst: Marcus Webb
14:57:57 Investigation started — querying SIEM and threat intelligence
15:02:06 Containment action taken — endpoint isolated
15:11:45 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity       Status          Host
ALR-00414  10h ago  Certificate Anomaly        High           Escalated       FW-EDGE-01
ALR-00449  11h ago  Suspicious Scheduled Task  Informational  Escalated       FW-EDGE-01
ALR-00082  18h ago  Unusual Outbound Traffic   Low            False Positive  FW-EDGE-01
ALR-00014  23h ago  Phishing Email Blocked     Medium         Investigating   WS-LAP-012
ALR-00234  23h ago  Phishing Email Blocked     Low            Resolved        WS-LAP-011