Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Lateral Movement Detected

High Escalated
ALR-00114 · 2026-04-10T05:12:24Z

Description

Firewall detected lateral movement from SRV-WEB-01 to SRV-DC-01 using user 'system' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00114
Timestamp: 2026-04-10T05:12:24Z
Severity: High
Status: Escalated
Detection Source: Firewall
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-WEB-01
User Account: system
Source IP: 185.139.220.241
Destination IP: 10.3.123.105
Origin Country: BR (Brazil)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

05:12:24 Event ingested by SOC365 Engine
05:12:27 EmilyAI triage started — correlation enrichment
05:12:29 EmilyAI confidence: 83% — escalated to human analyst
05:13:04 Alert assigned to analyst: Sarah Chen
05:13:58 Investigation started — querying SIEM and threat intelligence
05:19:22 Containment action taken — endpoint isolated
05:27:29 Alert resolved — remediation complete

Related Alerts

ID        | Time    | Alert                      | Severity      | Status         | Host
ALR-00434 | 6h ago  | Malware Signature Match    | Low           | Investigating  | SRV-WEB-01
ALR-00054 | 13h ago | Data Exfiltration Attempt  | Low           | Open           | SRV-WEB-01
ALR-00265 | 13h ago | Lateral Movement Detected  | Informational | False Positive | SRV-DC-01
ALR-00327 | 14h ago | DLP Policy Violation       | Low           | Escalated      | SRV-WEB-01
ALR-00049 | 16h ago | Ransomware Behaviour Detected | Medium     | Open           | SRV-WEB-01