Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:43:17 UTC

Kerberoasting Attempt

Medium Escalated
ALR-00115 · 2026-07-08T10:24:18Z

Description

Kerberoasting attack detected: user 'h.roberts' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by SOC365 Engine.

Alert Metadata

Alert ID
ALR-00115
Timestamp
2026-07-08T10:24:18Z
Severity
Medium
Status
Escalated
Detection Source
SOC365 Engine
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
WS-PC-004
User Account
h.roberts
Source IP
45.11.148.21
Destination IP
10.2.81.33
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1558.003
Reference
attack.mitre.org/techniques/T1558.003

Investigation Timeline

10:24:18 Event ingested by SOC365 Engine
10:24:22 EmilyAI triage started — correlation enrichment
10:24:26 EmilyAI confidence: 95% — escalated to human analyst
10:24:56 Alert assigned to analyst: Marcus Webb
10:27:05 Investigation started — querying SIEM and threat intelligence
10:33:07 Containment action taken — endpoint isolated
10:34:34 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00260 3h ago Ransomware Behaviour Detected Informational Escalated WS-PC-004
ALR-00420 7h ago Kerberoasting Attempt High Investigating VM-DEV-01
ALR-00010 8h ago Failed MFA Challenge Informational Open WS-PC-004
ALR-00322 16h ago Kerberoasting Attempt Medium Open WS-PC-001
ALR-00170 16h ago Kerberoasting Attempt Medium False Positive WS-PC-002