Lateral Movement Detected
Informational
False Positive
ALR-00069 · 2026-07-08T12:39:00Z
Description
Cloud Connector detected lateral movement from SRV-MAIL-01 to SRV-DC-01 using user 'd.walker' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
12:39:00
Event ingested by SOC365 Engine
12:39:05
EmilyAI triage started — correlation enrichment
12:39:11
EmilyAI confidence: 90% — escalated to human analyst
12:39:36
Alert assigned to analyst: EmilyAI (auto)
12:41:43
Investigation started — querying SIEM and threat intelligence
12:44:52
Containment action taken — endpoint isolated
12:54:43
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00397 | 13h ago | DLP Policy Violation | Low | Investigating | SRV-MAIL-01 |
| ALR-00032 | 14h ago | Suspicious Scheduled Task | Informational | False Positive | SRV-MAIL-01 |
| ALR-00471 | 14h ago | Failed MFA Challenge | Informational | Resolved | SRV-MAIL-01 |
| ALR-00315 | 17h ago | Lateral Movement Detected | High | Investigating | WS-MAC-005 |
| ALR-00161 | 17h ago | C2 Beacon Activity | Low | False Positive | SRV-MAIL-01 |