Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:52:18 UTC

Privilege Escalation Attempt

Severity: Low · Status: Escalated
ALR-00132 · 2026-04-10T14:44:44Z

Description

User 'e.evans' on WS-PC-002 attempted to escalate to SYSTEM via token manipulation. SOC365 Engine blocked the attempt.

Alert Metadata

Alert ID: ALR-00132
Timestamp: 2026-04-10T14:44:44Z
Severity: Low
Status: Escalated
Detection Source: SOC365 Engine
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-002
User Account: e.evans
Source IP: 185.240.220.211
Destination IP: 10.3.225.46
Origin Country: North Korea (KP)

MITRE ATT&CK Mapping

Tactic: Privilege Escalation
Technique: T1134
Reference: attack.mitre.org/techniques/T1134

Investigation Timeline

14:44:44 Event ingested by SOC365 Engine
14:44:45 EmilyAI triage started — correlation enrichment
14:44:58 EmilyAI confidence: 79% — escalated to human analyst
14:45:09 Alert assigned to analyst: EmilyAI (auto)
14:47:04 Investigation started — querying SIEM and threat intelligence
14:51:50 Containment action taken — endpoint isolated
15:01:30 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00360  1h ago   Privilege Escalation Attempt   Medium         False Positive  SRV-MAIL-01
ALR-00045  8h ago   Privilege Escalation Attempt   Informational  Investigating   AP-WIFI-03
ALR-00073  11h ago  Credential Stuffing Attempt    Medium         Investigating   WS-PC-002
ALR-00440  15h ago  Privilege Escalation Attempt   Medium         Resolved        FW-EDGE-01
ALR-00344  19h ago  Ransomware Behaviour Detected  Medium         Open            WS-PC-002