Kerberoasting Attempt
Low
Escalated
ALR-00068 · 2026-07-10T13:06:57Z
Description
Kerberoasting attack detected: user 'm.taylor' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Attack Surface Scanner.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:06:57
Event ingested by SOC365 Engine
13:06:58
EmilyAI triage started — correlation enrichment
13:07:06
EmilyAI confidence: 83% — escalated to human analyst
13:07:25
Alert assigned to analyst: EmilyAI (auto)
13:07:57
Investigation started — querying SIEM and threat intelligence
13:10:20
Containment action taken — endpoint isolated
13:26:16
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00012 | 12m ago | Kerberoasting Attempt | Informational | False Positive | SRV-APP-01 |
| ALR-00061 | 16h ago | Phishing Email Blocked | High | Investigating | WS-PC-006 |
| ALR-00117 | 1d ago | Suspicious Scheduled Task | Low | Open | WS-PC-006 |
| ALR-00154 | 1d ago | Brute Force SSH | Medium | False Positive | WS-PC-006 |
| ALR-00416 | 1d ago | Credential Stuffing Attempt | Medium | Escalated | WS-PC-006 |