{
  "alertTime": "2026-02-02T11:07:12Z",
  "hostname": "SRV-FILE-01",
  "username": "a.smith",
  "alertType": "Suspicious PowerShell EncodedCommand",
  "severity": "medium",
  "network": {
    "destinationIp": "198.51.100.10",
    "destinationPort": 80
  },
  "process": {
    "name": "powershell.exe",
    "path": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe"
  }
}