Lateral Movement Detected
Medium
False Positive
ALR-00070 · 2026-07-09T16:21:22Z
Description
DLP Module detected lateral movement from SRV-APP-01 to SRV-DC-01 using user 'c.williams' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:21:22
Event ingested by SOC365 Engine
16:21:27
EmilyAI triage started — correlation enrichment
16:21:32
EmilyAI confidence: 95% — escalated to human analyst
16:22:04
Alert assigned to analyst: Emma Richardson
16:23:38
Investigation started — querying SIEM and threat intelligence
16:28:28
Containment action taken — endpoint isolated
16:36:38
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00241 | 18m ago | Kerberoasting Attempt | Low | Escalated | SRV-APP-01 |
| ALR-00095 | 22m ago | Data Exfiltration Attempt | Medium | Investigating | SRV-APP-01 |
| ALR-00055 | 3h ago | Port Scan Detected | High | Open | SRV-APP-01 |
| ALR-00192 | 10h ago | Lateral Movement Detected | Medium | Resolved | WS-MAC-005 |
| ALR-00231 | 10h ago | Pass-the-Hash Detected | Informational | Resolved | SRV-APP-01 |