Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:51:18 UTC

Suspicious PowerShell Execution

Informational Resolved
ALR-00469 · 2026-07-05T00:06:51Z

Description

Encoded PowerShell command executed on SRV-SQL-01 by user 'm.taylor'. Command attempts to download and execute remote payload. Flagged by Email Gateway.

Alert Metadata

Alert ID
ALR-00469
Timestamp
2026-07-05T00:06:51Z
Severity
Informational
Status
Resolved
Detection Source
Email Gateway
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-SQL-01
User Account
m.taylor
Source IP
45.159.148.83
Destination IP
10.0.35.176
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Execution
Technique
T1059.001
Reference
attack.mitre.org/techniques/T1059.001

Investigation Timeline

00:06:51 Event ingested by SOC365 Engine
00:06:55 EmilyAI triage started — correlation enrichment
00:07:02 EmilyAI confidence: 84% — escalated to human analyst
00:07:17 Alert assigned to analyst: EmilyAI (auto)
00:08:11 Investigation started — querying SIEM and threat intelligence
00:14:18 Containment action taken — endpoint isolated
00:24:09 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00194 58m ago Suspicious PowerShell Execution Informational False Positive WS-LAP-011
ALR-00396 1h ago Suspicious Scheduled Task Low Resolved SRV-SQL-01
ALR-00291 14h ago Shadow IT Discovery Informational Investigating SRV-SQL-01
ALR-00351 17h ago Tor Exit Node Connection Informational Investigating SRV-SQL-01
ALR-00441 21h ago Phishing Email Blocked Informational Open SRV-SQL-01