Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:52:32 UTC

Pass-the-Hash Detected

Medium Escalated
ALR-00028 · 2026-05-24T20:32:58Z

Description

Pass-the-Hash technique detected on WS-PC-003. NTLM authentication from 'a.wilson' without standard Kerberos ticket. Firewall flagged.

Alert Metadata

Alert ID: ALR-00028
Timestamp: 2026-05-24T20:32:58Z
Severity: Medium
Status: Escalated
Detection Source: Firewall
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-PC-003
User Account: a.wilson
Source IP: 103.27.216.173
Destination IP: 10.1.216.177
Origin Country: China (CN)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

20:32:58 Event ingested by SOC365 Engine
20:32:59 EmilyAI triage started — correlation enrichment
20:33:04 EmilyAI confidence: 96% — escalated to human analyst
20:33:32 Alert assigned to analyst: James Okonkwo
20:34:25 Investigation started — querying SIEM and threat intelligence
20:42:46 Containment action taken — endpoint isolated
20:43:40 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00354  1h ago   Unusual Outbound Traffic       Informational  False Positive  WS-PC-003
ALR-00209  3h ago   DecoyPulse Honeypot Triggered  Low            False Positive  WS-PC-003
ALR-00119  3h ago   Unauthorised USB Device        Informational  Escalated       WS-PC-003
ALR-00267  8h ago   Ransomware Behaviour Detected  High           Escalated       WS-PC-003
ALR-00105  16h ago  Pass-the-Hash Detected         Informational  Open            SRV-BACKUP-01