Suspicious PowerShell Execution
High
Escalated
ALR-00324 · 2026-07-05T20:19:24Z
Description
Encoded PowerShell command executed on AP-WIFI-03 by user 'n.clark'. Command attempts to download and execute remote payload. Flagged by Email Gateway.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
20:19:24
Event ingested by SOC365 Engine
20:19:26
EmilyAI triage started — correlation enrichment
20:19:36
EmilyAI confidence: 95% — escalated to human analyst
20:20:06
Alert assigned to analyst: Anika Patel
20:20:58
Investigation started — querying SIEM and threat intelligence
20:22:55
Containment action taken — endpoint isolated
20:33:10
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00196 | 28m ago | Port Scan Detected | Medium | Resolved | AP-WIFI-03 |
| ALR-00194 | 58m ago | Suspicious PowerShell Execution | Informational | False Positive | WS-LAP-011 |
| ALR-00470 | 21h ago | Phishing Email Blocked | Informational | Open | AP-WIFI-03 |
| ALR-00068 | 22h ago | Suspicious PowerShell Execution | Low | Investigating | SRV-APP-01 |
| ALR-00163 | 1d ago | Suspicious PowerShell Execution | High | Investigating | SRV-SQL-01 |