Kerberoasting Attempt
Medium
Escalated
ALR-00115 · 2026-07-08T10:24:18Z
Description
Kerberoasting attack detected: user 'h.roberts' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by SOC365 Engine.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
10:24:18
Event ingested by SOC365 Engine
10:24:22
EmilyAI triage started — correlation enrichment
10:24:26
EmilyAI confidence: 95% — escalated to human analyst
10:24:56
Alert assigned to analyst: Marcus Webb
10:27:05
Investigation started — querying SIEM and threat intelligence
10:33:07
Containment action taken — endpoint isolated
10:34:34
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00260 | 3h ago | Ransomware Behaviour Detected | Informational | Escalated | WS-PC-004 |
| ALR-00420 | 7h ago | Kerberoasting Attempt | High | Investigating | VM-DEV-01 |
| ALR-00010 | 8h ago | Failed MFA Challenge | Informational | Open | WS-PC-004 |
| ALR-00322 | 16h ago | Kerberoasting Attempt | Medium | Open | WS-PC-001 |
| ALR-00170 | 16h ago | Kerberoasting Attempt | Medium | False Positive | WS-PC-002 |