Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:43:46 UTC

Lateral Movement Detected

Low False Positive
ALR-00009 · 2026-07-07T08:11:54Z

Description

Firewall detected lateral movement from WS-LAP-012 to SRV-DC-01 using user 'h.roberts' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID
ALR-00009
Timestamp
2026-07-07T08:11:54Z
Severity
Low
Status
False Positive
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-012
User Account
h.roberts
Source IP
194.241.62.147
Destination IP
10.1.53.59
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1021.002
Reference
attack.mitre.org/techniques/T1021.002

Investigation Timeline

08:11:54 Event ingested by SOC365 Engine
08:11:59 EmilyAI triage started — correlation enrichment
08:11:59 EmilyAI confidence: 86% — escalated to human analyst
08:12:22 Alert assigned to analyst: EmilyAI (auto)
08:14:47 Investigation started — querying SIEM and threat intelligence
08:15:30 Containment action taken — endpoint isolated
08:27:08 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00469 2h ago Ransomware Behaviour Detected Informational Open WS-LAP-012
ALR-00436 6h ago DLP Policy Violation Informational False Positive WS-LAP-012
ALR-00399 8h ago Lateral Movement Detected High Open SRV-FILE-01
ALR-00418 16h ago DecoyPulse Honeypot Triggered Low False Positive WS-LAP-012
ALR-00053 21h ago Insider Threat Indicator Critical Investigating WS-LAP-012