Pass-the-Hash Detected
Informational
False Positive
ALR-00126 · 2026-07-10T15:13:36Z
Description
Pass-the-Hash technique detected on SRV-MAIL-01. NTLM authentication from 'j.smith' without standard Kerberos ticket. Cloud Connector flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:13:36
Event ingested by SOC365 Engine
15:13:37
EmilyAI triage started — correlation enrichment
15:13:49
EmilyAI confidence: 80% — escalated to human analyst
15:14:08
Alert assigned to analyst: EmilyAI (auto)
15:14:44
Investigation started — querying SIEM and threat intelligence
15:20:32
Containment action taken — endpoint isolated
15:26:55
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00193 | 1h ago | Pass-the-Hash Detected | Informational | Resolved | SRV-SQL-01 |
| ALR-00475 | 5h ago | Credential Stuffing Attempt | Informational | False Positive | SRV-MAIL-01 |
| ALR-00429 | 5h ago | Pass-the-Hash Detected | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00286 | 14h ago | Pass-the-Hash Detected | Low | Investigating | WS-LAP-011 |
| ALR-00129 | 16h ago | Pass-the-Hash Detected | Low | Investigating | WS-PC-003 |