Kerberoasting Attempt
Informational
Open
ALR-00065 · 2026-07-11T06:07:45Z
Description
Kerberoasting attack detected: user 's.jones' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by SOC365 Engine.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
06:07:45
Event ingested by SOC365 Engine
06:07:48
EmilyAI triage started — correlation enrichment
06:07:55
EmilyAI confidence: 78% — escalated to human analyst
06:08:14
Alert assigned to analyst: EmilyAI (auto)
06:10:21
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00104 | 13h ago | Kerberoasting Attempt | Informational | False Positive | SRV-FILE-01 |
| ALR-00246 | 15h ago | Kerberoasting Attempt | Medium | Investigating | SRV-BACKUP-01 |
| ALR-00497 | 19h ago | Kerberoasting Attempt | Medium | Escalated | SRV-APP-01 |
| ALR-00047 | 23h ago | Unusual Outbound Traffic | Informational | Escalated | SW-CORE-01 |
| ALR-00045 | 1d ago | Kerberoasting Attempt | Informational | Resolved | VM-DEV-01 |