Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:49 UTC

Pass-the-Hash Detected

Low Escalated
ALR-00130 · 2026-07-05T08:22:59Z

Description

Pass-the-Hash technique detected on SRV-MAIL-01. NTLM authentication from 'e.evans' without standard Kerberos ticket. Firewall flagged.

Alert Metadata

Alert ID
ALR-00130
Timestamp
2026-07-05T08:22:59Z
Severity
Low
Status
Escalated
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-MAIL-01
User Account
e.evans
Source IP
185.53.220.104
Destination IP
10.3.254.198
Origin Country
RO Romania

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1550.002
Reference
attack.mitre.org/techniques/T1550.002

Investigation Timeline

08:22:59 Event ingested by SOC365 Engine
08:23:01 EmilyAI triage started — correlation enrichment
08:23:04 EmilyAI confidence: 79% — escalated to human analyst
08:23:19 Alert assigned to analyst: EmilyAI (auto)
08:25:16 Investigation started — querying SIEM and threat intelligence
08:32:19 Containment action taken — endpoint isolated
08:39:28 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00018 6h ago Shadow IT Discovery Low Escalated SRV-MAIL-01
ALR-00095 12h ago Tor Exit Node Connection Low Open SRV-MAIL-01
ALR-00360 15h ago Unauthorised USB Device Medium False Positive SRV-MAIL-01
ALR-00197 17h ago Pass-the-Hash Detected Low False Positive SRV-WEB-01
ALR-00427 21h ago Pass-the-Hash Detected High Investigating WS-MAC-005