Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:55:37 UTC

Suspicious PowerShell Execution

Medium Escalated
ALR-00442 · 2026-07-08T16:51:07Z

Description

Encoded PowerShell command executed on WS-LAP-012 by user 'h.roberts'. Command attempts to download and execute remote payload. Flagged by Firewall.

Alert Metadata

Alert ID
ALR-00442
Timestamp
2026-07-08T16:51:07Z
Severity
Medium
Status
Escalated
Detection Source
Firewall
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
WS-LAP-012
User Account
h.roberts
Source IP
194.54.62.210
Destination IP
10.0.161.175
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Execution
Technique
T1059.001
Reference
attack.mitre.org/techniques/T1059.001

Investigation Timeline

16:51:07 Event ingested by SOC365 Engine
16:51:11 EmilyAI triage started — correlation enrichment
16:51:20 EmilyAI confidence: 85% — escalated to human analyst
16:51:34 Alert assigned to analyst: Sarah Chen
16:52:51 Investigation started — querying SIEM and threat intelligence
16:54:51 Containment action taken — endpoint isolated
17:06:41 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00086 3h ago Suspicious PowerShell Execution Informational Open SRV-FILE-01
ALR-00035 6h ago Malware Signature Match Medium Escalated WS-LAP-012
ALR-00250 6h ago Suspicious PowerShell Execution Low Resolved SRV-FILE-01
ALR-00365 7h ago C2 Beacon Activity Medium False Positive WS-LAP-012
ALR-00236 18h ago Suspicious PowerShell Execution Informational Escalated WS-LAP-012