Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:03:15 UTC

Phishing Email Blocked

Medium Resolved
ALR-00426 · 2026-05-23T09:09:52Z

Description

Phishing email targeting 'm.taylor@company.co.uk' blocked by Attack Surface Scanner. Payload: credential harvesting link mimicking Microsoft 365 login.

Alert Metadata

Alert ID: ALR-00426
Timestamp: 2026-05-23T09:09:52Z
Severity: Medium
Status: Resolved
Detection Source: Attack Surface Scanner
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: WS-PC-001
User Account: m.taylor
Source IP: 91.91.195.169
Destination IP: 10.3.31.118
Origin Country: Ukraine (UA)

MITRE ATT&CK Mapping

Tactic: Initial Access
Technique: T1566.001
Reference: attack.mitre.org/techniques/T1566.001

Investigation Timeline

09:09:52 Event ingested by SOC365 Engine
09:09:57 EmilyAI triage started — correlation enrichment
09:10:04 EmilyAI confidence: 81% — escalated to human analyst
09:10:12 Alert assigned to analyst: Anika Patel
09:11:05 Investigation started — querying SIEM and threat intelligence
09:15:46 Containment action taken — endpoint isolated
09:23:25 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                            Severity  Status          Host
ALR-00256  6h ago   Shadow IT Discovery              Low       Escalated       WS-PC-001
ALR-00175  6h ago   Phishing Email Blocked           Medium    Open            SRV-SQL-01
ALR-00163  7h ago   Anomalous DNS Query              Medium    False Positive  WS-PC-001
ALR-00381  11h ago  Suspicious PowerShell Execution  Low       Escalated       WS-PC-001
ALR-00132  11h ago  Phishing Email Blocked           Low       Investigating   WS-LAP-011