Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:02:36 UTC

Kerberoasting Attempt

High Open
ALR-00111 · 2026-05-26T11:56:45Z

Description

Kerberoasting attack detected: user 'm.taylor' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Network IDS.

Alert Metadata

Alert ID: ALR-00111
Timestamp: 2026-05-26T11:56:45Z
Severity: High
Status: Open
Detection Source: Network IDS
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: WS-PC-006
User Account: m.taylor
Source IP: 194.149.62.235
Destination IP: 10.2.85.235
Origin Country: France (FR)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1558.003
Reference: attack.mitre.org/techniques/T1558.003

Investigation Timeline

11:56:45 Event ingested by SOC365 Engine
11:56:46 EmilyAI triage started — correlation enrichment
11:57:00 EmilyAI confidence: 94% — escalated to human analyst
11:57:22 Alert assigned to analyst: Anika Patel
11:59:31 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00455 | 29m ago | Kerberoasting Attempt | Medium | Resolved | SRV-FILE-01
ALR-00191 | 1h ago | Anomalous DNS Query | Low | Investigating | WS-PC-006
ALR-00240 | 3h ago | DecoyPulse Honeypot Triggered | Low | Open | WS-PC-006
ALR-00128 | 3h ago | DecoyPulse Honeypot Triggered | Low | Resolved | WS-PC-006
ALR-00423 | 4h ago | Kerberoasting Attempt | Medium | Investigating | SRV-SQL-01