Suspicious PowerShell Execution
Medium
Resolved
ALR-00374 · 2026-07-09T06:53:31Z
Description
Encoded PowerShell command executed on SRV-FILE-01 by user 'f.hall'. Command attempts to download and execute remote payload. Flagged by Firewall.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
06:53:31
Event ingested by SOC365 Engine
06:53:34
EmilyAI triage started — correlation enrichment
06:53:43
EmilyAI confidence: 88% — escalated to human analyst
06:53:50
Alert assigned to analyst: Emma Richardson
06:56:18
Investigation started — querying SIEM and threat intelligence
06:59:18
Containment action taken — endpoint isolated
07:10:28
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00387 | 1h ago | Suspicious PowerShell Execution | Medium | False Positive | SRV-WEB-01 |
| ALR-00249 | 1h ago | Unusual Outbound Traffic | Low | False Positive | SRV-FILE-01 |
| ALR-00130 | 4h ago | Pass-the-Hash Detected | Medium | Escalated | SRV-FILE-01 |
| ALR-00496 | 6h ago | Port Scan Detected | Low | Resolved | SRV-FILE-01 |
| ALR-00086 | 11h ago | Port Scan Detected | Medium | Open | SRV-FILE-01 |