Kerberoasting Attempt
Medium
Investigating
ALR-00049 · 2026-07-09T22:59:48Z
Description
Kerberoasting attack detected: user 'n.clark' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Email Gateway.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:59:48
Event ingested by SOC365 Engine
22:59:50
EmilyAI triage started — correlation enrichment
22:59:56
EmilyAI confidence: 84% — escalated to human analyst
23:00:32
Alert assigned to analyst: Marcus Webb
23:02:28
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00079 | 6m ago | Tor Exit Node Connection | Informational | Resolved | WS-LAP-010 |
| ALR-00454 | 39m ago | Credential Stuffing Attempt | High | Investigating | WS-LAP-010 |
| ALR-00166 | 3h ago | Pass-the-Hash Detected | Low | Resolved | WS-LAP-010 |
| ALR-00413 | 4h ago | Shadow IT Discovery | Low | Investigating | WS-LAP-010 |
| ALR-00092 | 8h ago | Kerberoasting Attempt | Medium | Escalated | WS-PC-006 |