Suspicious PowerShell Execution
Low
Open
ALR-00378 · 2026-07-08T23:39:06Z
Description
Encoded PowerShell command executed on WS-PC-002 by user 'k.brown'. Command attempts to download and execute remote payload. Flagged by Endpoint Agent.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:39:06
Event ingested by SOC365 Engine
23:39:11
EmilyAI triage started — correlation enrichment
23:39:18
EmilyAI confidence: 80% — escalated to human analyst
23:39:27
Alert assigned to analyst: EmilyAI (auto)
23:40:29
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00387 | 1h ago | Suspicious PowerShell Execution | Medium | False Positive | SRV-WEB-01 |
| ALR-00158 | 3h ago | C2 Beacon Activity | High | Escalated | WS-PC-002 |
| ALR-00003 | 4h ago | Certificate Anomaly | Low | Resolved | WS-PC-002 |
| ALR-00142 | 19h ago | DLP Policy Violation | Low | Investigating | WS-PC-002 |
| ALR-00029 | 1d ago | Lateral Movement Detected | Low | Open | WS-PC-002 |