Lateral Movement Detected
Low
False Positive
ALR-00069 · 2026-07-09T12:36:10Z
Description
Email Gateway detected lateral movement from WS-PC-001 to SRV-DC-01 using user 'system' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
12:36:10
Event ingested by SOC365 Engine
12:36:12
EmilyAI triage started — correlation enrichment
12:36:23
EmilyAI confidence: 80% — escalated to human analyst
12:36:49
Alert assigned to analyst: EmilyAI (auto)
12:38:42
Investigation started — querying SIEM and threat intelligence
12:43:26
Containment action taken — endpoint isolated
12:46:27
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00166 | 3m ago | Suspicious PowerShell Execution | Informational | Resolved | WS-PC-001 |
| ALR-00178 | 4h ago | Certificate Anomaly | Informational | Escalated | WS-PC-001 |
| ALR-00087 | 5h ago | Lateral Movement Detected | Informational | Resolved | WS-MAC-005 |
| ALR-00006 | 10h ago | Lateral Movement Detected | Low | Resolved | WS-PC-003 |
| ALR-00095 | 13h ago | Lateral Movement Detected | High | Investigating | SRV-DC-01 |