Kerberoasting Attempt
Medium
False Positive
ALR-00085 · 2026-07-07T05:56:17Z
Description
Kerberoasting attack detected: user 'system' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by SOC365 Engine.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
05:56:17
Event ingested by SOC365 Engine
05:56:22
EmilyAI triage started — correlation enrichment
05:56:26
EmilyAI confidence: 79% — escalated to human analyst
05:56:48
Alert assigned to analyst: Marcus Webb
05:58:27
Investigation started — querying SIEM and threat intelligence
06:05:08
Containment action taken — endpoint isolated
06:09:15
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00260 | 6h ago | Kerberoasting Attempt | Low | Escalated | WS-PC-002 |
| ALR-00318 | 8h ago | Kerberoasting Attempt | Medium | Open | VM-DEV-01 |
| ALR-00417 | 11h ago | Ransomware Behaviour Detected | Medium | Escalated | WS-PC-001 |
| ALR-00131 | 14h ago | Insider Threat Indicator | Medium | False Positive | WS-PC-001 |
| ALR-00036 | 20h ago | Suspicious PowerShell Execution | Critical | Open | WS-PC-001 |