Lateral Movement Detected
Low
Resolved
ALR-00086 · 2026-07-09T11:55:42Z
Description
Dark Web Monitor detected lateral movement from SRV-APP-01 to SRV-DC-01 using user 'e.evans' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:55:42
Event ingested by SOC365 Engine
11:55:43
EmilyAI triage started — correlation enrichment
11:55:47
EmilyAI confidence: 80% — escalated to human analyst
11:56:15
Alert assigned to analyst: EmilyAI (auto)
11:57:55
Investigation started — querying SIEM and threat intelligence
12:01:59
Containment action taken — endpoint isolated
12:08:39
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00076 | 2h ago | Rogue DHCP Server | Informational | Investigating | SRV-APP-01 |
| ALR-00200 | 11h ago | Unusual Outbound Traffic | Medium | Resolved | SRV-APP-01 |
| ALR-00315 | 17h ago | Lateral Movement Detected | High | Investigating | WS-MAC-005 |
| ALR-00499 | 1d ago | Lateral Movement Detected | Low | Escalated | SRV-MAIL-01 |
| ALR-00235 | 1d ago | Lateral Movement Detected | Medium | Open | WS-MAC-005 |