Lateral Movement Detected
Severity: High
Status: Investigating
ALR-00090 · 2026-05-20T18:55:18Z
Description
Endpoint Agent detected lateral movement from WS-LAP-012 to SRV-DC-01 using user 'n.clark' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
- 18:55:18 Event ingested by SOC365 Engine
- 18:55:21 EmilyAI triage started — correlation enrichment
- 18:55:28 EmilyAI confidence: 85% — escalated to human analyst
- 18:55:52 Alert assigned to analyst: James Okonkwo
- 18:56:18 Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00144 | 2h ago | Lateral Movement Detected | Critical | Escalated | WS-MAC-005 |
| ALR-00309 | 3h ago | Phishing Email Blocked | Medium | Investigating | WS-LAP-012 |
| ALR-00368 | 5h ago | Lateral Movement Detected | Medium | Open | SRV-MAIL-01 |
| ALR-00026 | 6h ago | Shadow IT Discovery | Low | Escalated | WS-LAP-012 |
| ALR-00280 | 9h ago | Lateral Movement Detected | Medium | Escalated | SRV-APP-01 |