Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 17:24:05 UTC

Pass-the-Hash Detected

Informational False Positive
ALR-00007 · 2026-07-09T10:41:50Z

Description

Pass-the-Hash technique detected on WS-LAP-012. NTLM authentication from 'n.clark' without standard Kerberos ticket. Email Gateway flagged.

Alert Metadata

Alert ID
ALR-00007
Timestamp
2026-07-09T10:41:50Z
Severity
Informational
Status
False Positive
Detection Source
Email Gateway
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-012
User Account
n.clark
Source IP
91.59.195.188
Destination IP
10.3.56.138
Origin Country
VN Vietnam

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1550.002
Reference
attack.mitre.org/techniques/T1550.002

Investigation Timeline

10:41:50 Event ingested by SOC365 Engine
10:41:51 EmilyAI triage started — correlation enrichment
10:42:01 EmilyAI confidence: 88% — escalated to human analyst
10:42:14 Alert assigned to analyst: EmilyAI (auto)
10:43:10 Investigation started — querying SIEM and threat intelligence
10:49:14 Containment action taken — endpoint isolated
10:58:11 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00268 4h ago Shadow IT Discovery Informational False Positive WS-LAP-012
ALR-00348 17h ago Rogue DHCP Server Medium Resolved WS-LAP-012
ALR-00014 1d ago Pass-the-Hash Detected Informational Escalated SRV-DC-01
ALR-00124 1d ago Unusual Outbound Traffic Informational Open WS-LAP-012
ALR-00050 1d ago Unusual Outbound Traffic Informational False Positive WS-LAP-012