Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:03:40 UTC

Suspicious PowerShell Execution

Medium Escalated
ALR-00387 · 2026-05-21T21:36:14Z

Description

Encoded PowerShell command executed on FW-EDGE-01 by user 'm.taylor'. Command attempts to download and execute remote payload. Flagged by DLP Module.

Alert Metadata

Alert ID
ALR-00387
Timestamp
2026-05-21T21:36:14Z
Severity
Medium
Status
Escalated
Detection Source
DLP Module
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
FW-EDGE-01
User Account
m.taylor
Source IP
185.15.220.229
Destination IP
10.3.238.123
Origin Country
NL Netherlands

MITRE ATT&CK Mapping

Tactic
Execution
Technique
T1059.001
Reference
attack.mitre.org/techniques/T1059.001

Investigation Timeline

21:36:14 Event ingested by SOC365 Engine
21:36:18 EmilyAI triage started — correlation enrichment
21:36:27 EmilyAI confidence: 87% — escalated to human analyst
21:36:31 Alert assigned to analyst: Marcus Webb
21:38:22 Investigation started — querying SIEM and threat intelligence
21:41:21 Containment action taken — endpoint isolated
21:48:29 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00002 6h ago Malware Signature Match Low Open FW-EDGE-01
ALR-00467 7h ago Pass-the-Hash Detected Medium Escalated FW-EDGE-01
ALR-00283 9h ago Data Exfiltration Attempt Informational Investigating FW-EDGE-01
ALR-00381 11h ago Suspicious PowerShell Execution Low Escalated WS-PC-001
ALR-00199 18h ago Suspicious PowerShell Execution Low False Positive VM-DEV-01