Lateral Movement Detected
Medium
Open
ALR-00118 · 2026-07-08T22:54:35Z
Description
Endpoint Agent detected lateral movement from WS-LAP-010 to SRV-DC-01 using user 'l.johnson' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:54:35
Event ingested by SOC365 Engine
22:54:39
EmilyAI triage started — correlation enrichment
22:54:41
EmilyAI confidence: 78% — escalated to human analyst
22:55:00
Alert assigned to analyst: Emma Richardson
22:56:54
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00354 | 58m ago | Lateral Movement Detected | High | Investigating | SRV-BACKUP-01 |
| ALR-00390 | 1h ago | Phishing Email Blocked | Low | Resolved | WS-LAP-010 |
| ALR-00103 | 3h ago | Suspicious PowerShell Execution | Medium | False Positive | WS-LAP-010 |
| ALR-00338 | 5h ago | Lateral Movement Detected | Low | Resolved | WS-MAC-005 |
| ALR-00208 | 6h ago | Unusual Outbound Traffic | Medium | Escalated | WS-LAP-010 |