Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:55:07 UTC

Kerberoasting Attempt

Medium · Investigating
ALR-00061 · 2026-04-08T13:29:57Z

Description

Kerberoasting attack detected: user 'm.taylor' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Email Gateway.

Alert Metadata

Alert ID: ALR-00061
Timestamp: 2026-04-08T13:29:57Z
Severity: Medium
Status: Investigating
Detection Source: Email Gateway
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-LAP-011
User Account: m.taylor
Source IP: 103.38.216.101
Destination IP: 10.2.13.159
Origin Country: IR (Iran)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1558.003
Reference: attack.mitre.org/techniques/T1558.003

Investigation Timeline

13:29:57 Event ingested by SOC365 Engine
13:30:01 EmilyAI triage started — correlation enrichment
13:30:11 EmilyAI confidence: 87% — escalated to human analyst
13:30:34 Alert assigned to analyst: James Okonkwo
13:30:59 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                        Severity  Status         Host
ALR-00125  57m ago  Credential Stuffing Attempt  Low       Investigating  WS-LAP-011
ALR-00173  6h ago   Kerberoasting Attempt        Low       Investigating  WS-LAP-011
ALR-00163  10h ago  Suspicious Scheduled Task    Low       Resolved       WS-LAP-011
ALR-00264  11h ago  Port Scan Detected           Critical  Investigating  WS-LAP-011
ALR-00149  12h ago  Unusual Outbound Traffic     Low       Investigating  WS-LAP-011