Pass-the-Hash Detected
Informational
Resolved
ALR-00109 · 2026-05-26T14:13:15Z
Description
Pass-the-Hash technique detected on WS-LAP-011. NTLM authentication from 'p.thomas' without standard Kerberos ticket. EmilyAI Triage flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
14:13:15
Event ingested by SOC365 Engine
14:13:17
EmilyAI triage started — correlation enrichment
14:13:28
EmilyAI confidence: 95% — escalated to human analyst
14:13:52
Alert assigned to analyst: EmilyAI (auto)
14:14:02
Investigation started — querying SIEM and threat intelligence
14:16:44
Containment action taken — endpoint isolated
14:26:05
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00162 | 3h ago | C2 Beacon Activity | High | Escalated | WS-LAP-011 |
| ALR-00025 | 7h ago | Rogue DHCP Server | Medium | False Positive | WS-LAP-011 |
| ALR-00465 | 8h ago | Pass-the-Hash Detected | Medium | Escalated | WS-MAC-005 |
| ALR-00139 | 11h ago | C2 Beacon Activity | Low | Resolved | WS-LAP-011 |
| ALR-00152 | 15h ago | Brute Force SSH | Informational | Investigating | WS-LAP-011 |