Suspicious PowerShell Execution
Informational
Investigating
ALR-00370 · 2026-05-21T03:56:27Z
Description
Encoded PowerShell command executed on SRV-FILE-01 by user 'system'. Command attempts to download and execute remote payload. Flagged by SOC365 Engine.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
03:56:27
Event ingested by SOC365 Engine
03:56:31
EmilyAI triage started — correlation enrichment
03:56:34
EmilyAI confidence: 96% — escalated to human analyst
03:57:08
Alert assigned to analyst: EmilyAI (auto)
03:58:07
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00436 | 1h ago | Suspicious PowerShell Execution | Medium | Open | SRV-APP-01 |
| ALR-00221 | 5h ago | Anomalous DNS Query | Low | False Positive | SRV-FILE-01 |
| ALR-00250 | 6h ago | Suspicious PowerShell Execution | High | Escalated | SRV-WEB-01 |
| ALR-00288 | 8h ago | DLP Policy Violation | Low | Investigating | SRV-FILE-01 |
| ALR-00076 | 10h ago | Suspicious PowerShell Execution | Low | Open | WS-MAC-005 |