Suspicious PowerShell Execution
High
Open
ALR-00391 · 2026-07-09T20:40:01Z
Description
Encoded PowerShell command executed on WS-PC-002 by user 'j.smith'. Command attempts to download and execute remote payload. Flagged by Cloud Connector.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
20:40:01
Event ingested by SOC365 Engine
20:40:04
EmilyAI triage started — correlation enrichment
20:40:16
EmilyAI confidence: 85% — escalated to human analyst
20:40:46
Alert assigned to analyst: James Okonkwo
20:41:40
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00345 | 45m ago | Kerberoasting Attempt | Medium | Investigating | WS-PC-002 |
| ALR-00198 | 10h ago | Phishing Email Blocked | Low | Resolved | WS-PC-002 |
| ALR-00226 | 1d ago | Failed MFA Challenge | Critical | Investigating | WS-PC-002 |
| ALR-00425 | 1d ago | DLP Policy Violation | Informational | Escalated | WS-PC-002 |
| ALR-00458 | 1d ago | Shadow IT Discovery | High | Open | WS-PC-002 |