Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:20:13 UTC

Suspicious Scheduled Task

High Escalated
ALR-00313 · 2026-04-10T13:40:37Z

Description

New scheduled task created on WS-LAP-011 by 's.jones', running an encoded batch script daily at 02:00. No change request on file.

Alert Metadata

Alert ID: ALR-00313
Timestamp: 2026-04-10T13:40:37Z
Severity: High
Status: Escalated
Detection Source: EmilyAI Triage
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: WS-LAP-011
User Account: s.jones
Source IP: 194.238.62.164
Destination IP: 10.3.70.221
Origin Country: Brazil (BR)

MITRE ATT&CK Mapping

Tactic: Persistence
Technique: T1053.005
Reference: attack.mitre.org/techniques/T1053.005

Investigation Timeline

13:40:37 Event ingested by SOC365 Engine
13:40:41 EmilyAI triage started — correlation enrichment
13:40:48 EmilyAI confidence: 79% — escalated to human analyst
13:40:58 Alert assigned to analyst: Emma Richardson
13:42:26 Investigation started — querying SIEM and threat intelligence
13:43:50 Containment action taken — endpoint isolated
13:56:07 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00398 | 28m ago | Shadow IT Discovery | Critical | Investigating | WS-LAP-011
ALR-00144 | 2h ago | Ransomware Behaviour Detected | Medium | Investigating | WS-LAP-011
ALR-00114 | 2h ago | Certificate Anomaly | Medium | Investigating | WS-LAP-011
ALR-00221 | 15h ago | Suspicious Scheduled Task | High | Open | WS-PC-001
ALR-00067 | 20h ago | Unusual Outbound Traffic | Low | Escalated | WS-LAP-011