Suspicious PowerShell Execution
Low
Investigating
ALR-00371 · 2026-07-06T13:52:34Z
Description
Encoded PowerShell command executed on WS-PC-006 by user 'system'. Command attempts to download and execute remote payload. Flagged by Attack Surface Scanner.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:52:34
Event ingested by SOC365 Engine
13:52:35
EmilyAI triage started — correlation enrichment
13:52:40
EmilyAI confidence: 78% — escalated to human analyst
13:53:07
Alert assigned to analyst: EmilyAI (auto)
13:54:19
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00086 | 3h ago | Suspicious PowerShell Execution | Informational | Open | SRV-FILE-01 |
| ALR-00250 | 6h ago | Suspicious PowerShell Execution | Low | Resolved | SRV-FILE-01 |
| ALR-00366 | 7h ago | Unusual Outbound Traffic | Medium | Investigating | WS-PC-006 |
| ALR-00176 | 14h ago | Pass-the-Hash Detected | Informational | Investigating | WS-PC-006 |
| ALR-00431 | 17h ago | Unauthorised USB Device | Low | Escalated | WS-PC-006 |