Pass-the-Hash Detected
Medium
Resolved
ALR-00056 · 2026-07-09T20:52:20Z
Description
Pass-the-Hash technique detected on WS-MAC-005. NTLM authentication from 'd.walker' without standard Kerberos ticket. Dark Web Monitor flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
20:52:20
Event ingested by SOC365 Engine
20:52:25
EmilyAI triage started — correlation enrichment
20:52:30
EmilyAI confidence: 96% — escalated to human analyst
20:52:53
Alert assigned to analyst: James Okonkwo
20:55:03
Investigation started — querying SIEM and threat intelligence
21:00:10
Containment action taken — endpoint isolated
21:08:30
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00158 | 1h ago | Malware Signature Match | Low | Escalated | WS-MAC-005 |
| ALR-00416 | 4h ago | Unusual Outbound Traffic | Informational | Escalated | WS-MAC-005 |
| ALR-00339 | 7h ago | Data Exfiltration Attempt | Low | Escalated | WS-MAC-005 |
| ALR-00023 | 8h ago | DLP Policy Violation | Medium | Resolved | WS-MAC-005 |
| ALR-00030 | 8h ago | Pass-the-Hash Detected | Informational | Escalated | FW-EDGE-01 |