Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 17:27:01 UTC

Pass-the-Hash Detected

High Escalated
ALR-00001 · 2026-07-09T22:03:43Z

Description

Pass-the-Hash technique detected on SRV-WEB-01. NTLM authentication from 'h.roberts' without standard Kerberos ticket. Endpoint Agent flagged.

Alert Metadata

Alert ID
ALR-00001
Timestamp
2026-07-09T22:03:43Z
Severity
High
Status
Escalated
Detection Source
Endpoint Agent
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-WEB-01
User Account
h.roberts
Source IP
185.16.220.102
Destination IP
10.0.163.253
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1550.002
Reference
attack.mitre.org/techniques/T1550.002

Investigation Timeline

22:03:43 Event ingested by SOC365 Engine
22:03:46 EmilyAI triage started — correlation enrichment
22:03:52 EmilyAI confidence: 91% — escalated to human analyst
22:04:07 Alert assigned to analyst: Marcus Webb
22:04:42 Investigation started — querying SIEM and threat intelligence
22:12:51 Containment action taken — endpoint isolated
22:21:50 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00169 4h ago Phishing Email Blocked Low Open SRV-WEB-01
ALR-00403 5h ago Credential Stuffing Attempt Low Resolved SRV-WEB-01
ALR-00151 5h ago Pass-the-Hash Detected Low False Positive WS-MAC-005
ALR-00114 6h ago Credential Stuffing Attempt Informational Escalated SRV-WEB-01
ALR-00035 18h ago Suspicious PowerShell Execution High Escalated SRV-WEB-01