Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:06:40 UTC

Suspicious Scheduled Task

Severity: Low · Status: Resolved
ALR-00323 · 2026-05-21T20:11:45Z

Description

A new scheduled task was created on WS-LAP-010 by 's.jones'. It runs an encoded batch script daily at 02:00. No change request is on file.

Alert Metadata

Alert ID: ALR-00323
Timestamp: 2026-05-21T20:11:45Z
Severity: Low
Status: Resolved
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-LAP-010
User Account: s.jones
Source IP: 103.185.216.196
Destination IP: 10.3.160.86
Origin Country: Vietnam (VN)

MITRE ATT&CK Mapping

Tactic: Persistence
Technique: T1053.005
Reference: attack.mitre.org/techniques/T1053.005

Investigation Timeline

20:11:45 Event ingested by SOC365 Engine
20:11:50 EmilyAI triage started — correlation enrichment
20:11:53 EmilyAI confidence: 83% — escalated to human analyst
20:12:07 Alert assigned to analyst: EmilyAI (auto)
20:14:02 Investigation started — querying SIEM and threat intelligence
20:16:06 Containment action taken — endpoint isolated
20:29:20 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00475 | 42m ago | Failed MFA Challenge | Medium | Investigating | WS-LAP-010
ALR-00304 | 1h ago | Pass-the-Hash Detected | Low | False Positive | WS-LAP-010
ALR-00254 | 5h ago | Suspicious Scheduled Task | Low | Escalated | SW-CORE-01
ALR-00326 | 5h ago | Suspicious Scheduled Task | Informational | Resolved | WS-PC-001
ALR-00429 | 11h ago | Suspicious Scheduled Task | Informational | Escalated | WS-PC-006