Privilege Escalation Attempt
Low
Investigating
ALR-00048 · 2026-07-09T03:42:40Z
Description
User 'c.williams' on WS-PC-003 attempted to escalate to SYSTEM via token manipulation. DLP Module blocked the attempt.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
03:42:40
Event ingested by SOC365 Engine
03:42:42
EmilyAI triage started — correlation enrichment
03:42:51
EmilyAI confidence: 90% — escalated to human analyst
03:43:14
Alert assigned to analyst: EmilyAI (auto)
03:44:07
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00447 | 2h ago | Privilege Escalation Attempt | Informational | Resolved | SRV-FILE-01 |
| ALR-00043 | 3h ago | C2 Beacon Activity | Low | Open | WS-PC-003 |
| ALR-00426 | 3h ago | Privilege Escalation Attempt | High | Investigating | WS-PC-004 |
| ALR-00297 | 5h ago | Shadow IT Discovery | Low | Open | WS-PC-003 |
| ALR-00383 | 12h ago | Port Scan Detected | Medium | False Positive | WS-PC-003 |