Lateral Movement Detected
Low
Escalated
ALR-00129 · 2026-07-11T16:26:14Z
Description
SOC365 Engine detected lateral movement from VM-DEV-01 to SRV-DC-01 using user 'f.hall' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:26:14
Event ingested by SOC365 Engine
16:26:19
EmilyAI triage started — correlation enrichment
16:26:27
EmilyAI confidence: 82% — escalated to human analyst
16:26:55
Alert assigned to analyst: EmilyAI (auto)
16:28:41
Investigation started — querying SIEM and threat intelligence
16:29:52
Containment action taken — endpoint isolated
16:36:30
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00095 | 1h ago | Lateral Movement Detected | Low | Resolved | SRV-APP-01 |
| ALR-00261 | 20h ago | Shadow IT Discovery | Medium | Resolved | VM-DEV-01 |
| ALR-00018 | 21h ago | Lateral Movement Detected | Informational | False Positive | SRV-APP-01 |
| ALR-00370 | 1d ago | Unauthorised USB Device | High | Open | VM-DEV-01 |
| ALR-00408 | 1d ago | Lateral Movement Detected | Low | Resolved | WS-LAP-010 |