Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 16:54:52 UTC

Suspicious Scheduled Task

Medium Escalated
ALR-00405 · 2026-04-06T17:11:45Z

Description

New scheduled task created on SRV-WEB-01 by 'm.taylor' running encoded batch script at 02:00 daily. No change request on file.

Alert Metadata

Alert ID: ALR-00405
Timestamp: 2026-04-06T17:11:45Z
Severity: Medium
Status: Escalated
Detection Source: DLP Module
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-WEB-01
User Account: m.taylor
Source IP: 185.3.220.90
Destination IP: 10.0.190.65
Origin Country: Romania (RO)

MITRE ATT&CK Mapping

Tactic: Persistence
Technique: T1053.005
Reference: attack.mitre.org/techniques/T1053.005

Investigation Timeline

17:11:45 Event ingested by SOC365 Engine
17:11:47 EmilyAI triage started — correlation enrichment
17:11:51 EmilyAI confidence: 96% — escalated to human analyst
17:12:22 Alert assigned to analyst: Anika Patel
17:13:51 Investigation started — querying SIEM and threat intelligence
17:16:47 Containment action taken — endpoint isolated
17:27:05 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                            Severity       Status         Host
ALR-00179  8h ago   Suspicious Scheduled Task        Informational  Open           WS-PC-001
ALR-00463  14h ago  Suspicious Scheduled Task        Informational  Investigating  SW-CORE-01
ALR-00460  20h ago  Unusual Outbound Traffic         Medium         Investigating  SRV-WEB-01
ALR-00399  21h ago  Suspicious PowerShell Execution  Medium         Escalated      SRV-WEB-01
ALR-00145  22h ago  Tor Exit Node Connection         Medium         Escalated      SRV-WEB-01