Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:08:21 UTC

Pass-the-Hash Detected

Severity: Low · Status: Escalated
ALR-00121 · 2026-05-22T17:33:37Z

Description

Pass-the-Hash technique detected on SRV-FILE-01. NTLM authentication from 'system' without standard Kerberos ticket. Network IDS flagged.

Alert Metadata

Alert ID: ALR-00121
Timestamp: 2026-05-22T17:33:37Z
Severity: Low
Status: Escalated
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-FILE-01
User Account: system
Source IP: 185.170.220.253
Destination IP: 10.3.172.246
Origin Country: Vietnam (VN)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

17:33:37 Event ingested by SOC365 Engine
17:33:42 EmilyAI triage started — correlation enrichment
17:33:52 EmilyAI confidence: 82% — escalated to human analyst
17:34:16 Alert assigned to analyst: EmilyAI (auto)
17:36:33 Investigation started — querying SIEM and threat intelligence
17:40:47 Containment action taken — endpoint isolated
17:47:42 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00433 | 3h ago | Pass-the-Hash Detected | Medium | Investigating | WS-LAP-010
ALR-00295 | 10h ago | Unauthorised USB Device | Medium | False Positive | SRV-FILE-01
ALR-00022 | 12h ago | Failed MFA Challenge | Informational | Open | SRV-FILE-01
ALR-00100 | 13h ago | Rogue DHCP Server | Low | Investigating | SRV-FILE-01
ALR-00009 | 17h ago | DLP Policy Violation | Informational | Escalated | SRV-FILE-01