Lateral Movement Detected
Low
Resolved
ALR-00072 · 2026-07-09T03:56:11Z
Description
Dark Web Monitor detected lateral movement from WS-PC-001 to SRV-DC-01 using user 'system' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
03:56:11
Event ingested by SOC365 Engine
03:56:13
EmilyAI triage started — correlation enrichment
03:56:21
EmilyAI confidence: 89% — escalated to human analyst
03:56:39
Alert assigned to analyst: EmilyAI (auto)
03:57:18
Investigation started — querying SIEM and threat intelligence
03:59:50
Containment action taken — endpoint isolated
04:15:02
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00314 | 2h ago | Phishing Email Blocked | Medium | Open | WS-PC-001 |
| ALR-00392 | 4h ago | Pass-the-Hash Detected | Low | Investigating | WS-PC-001 |
| ALR-00477 | 13h ago | Kerberoasting Attempt | Informational | Investigating | WS-PC-001 |
| ALR-00054 | 13h ago | Ransomware Behaviour Detected | Informational | Investigating | WS-PC-001 |
| ALR-00315 | 17h ago | Lateral Movement Detected | High | Investigating | WS-MAC-005 |