Kerberoasting Attempt
Informational
Resolved
ALR-00045 · 2026-07-10T17:01:14Z
Description
Kerberoasting attack detected: user 'm.taylor' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Cloud Connector.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:01:14
Event ingested by SOC365 Engine
17:01:19
EmilyAI triage started — correlation enrichment
17:01:24
EmilyAI confidence: 84% — escalated to human analyst
17:01:44
Alert assigned to analyst: EmilyAI (auto)
17:03:25
Investigation started — querying SIEM and threat intelligence
17:05:43
Containment action taken — endpoint isolated
17:11:35
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00441 | 2h ago | Certificate Anomaly | Informational | Open | VM-DEV-01 |
| ALR-00259 | 6h ago | Failed MFA Challenge | Low | Resolved | VM-DEV-01 |
| ALR-00065 | 12h ago | Kerberoasting Attempt | Informational | Open | SW-CORE-01 |
| ALR-00104 | 13h ago | Kerberoasting Attempt | Informational | False Positive | SRV-FILE-01 |
| ALR-00246 | 15h ago | Kerberoasting Attempt | Medium | Investigating | SRV-BACKUP-01 |