Privilege Escalation Attempt
Medium
False Positive
ALR-00136 · 2026-07-08T17:14:56Z
Description
User 'n.clark' on WS-LAP-011 attempted to escalate to SYSTEM via token manipulation. EmilyAI Triage blocked the attempt.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:14:56
Event ingested by SOC365 Engine
17:14:58
EmilyAI triage started — correlation enrichment
17:15:01
EmilyAI confidence: 98% — escalated to human analyst
17:15:35
Alert assigned to analyst: Anika Patel
17:17:01
Investigation started — querying SIEM and threat intelligence
17:22:12
Containment action taken — endpoint isolated
17:33:46
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00206 | 1h ago | Malware Signature Match | Low | Investigating | WS-LAP-011 |
| ALR-00167 | 2h ago | Data Exfiltration Attempt | Low | Open | WS-LAP-011 |
| ALR-00426 | 4h ago | Privilege Escalation Attempt | Low | Investigating | WS-PC-006 |
| ALR-00321 | 5h ago | Unusual Outbound Traffic | Medium | False Positive | WS-LAP-011 |
| ALR-00071 | 8h ago | Privilege Escalation Attempt | Informational | Escalated | WS-LAP-010 |