Suspicious PowerShell Execution
Medium
Escalated
ALR-00442 · 2026-07-08T16:51:07Z
Description
Encoded PowerShell command executed on WS-LAP-012 by user 'h.roberts'. Command attempts to download and execute remote payload. Flagged by Firewall.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:51:07
Event ingested by SOC365 Engine
16:51:11
EmilyAI triage started — correlation enrichment
16:51:20
EmilyAI confidence: 85% — escalated to human analyst
16:51:34
Alert assigned to analyst: Sarah Chen
16:52:51
Investigation started — querying SIEM and threat intelligence
16:54:51
Containment action taken — endpoint isolated
17:06:41
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00086 | 3h ago | Suspicious PowerShell Execution | Informational | Open | SRV-FILE-01 |
| ALR-00035 | 6h ago | Malware Signature Match | Medium | Escalated | WS-LAP-012 |
| ALR-00250 | 6h ago | Suspicious PowerShell Execution | Low | Resolved | SRV-FILE-01 |
| ALR-00365 | 7h ago | C2 Beacon Activity | Medium | False Positive | WS-LAP-012 |
| ALR-00236 | 18h ago | Suspicious PowerShell Execution | Informational | Escalated | WS-LAP-012 |