Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:35:56 UTC

Privilege Escalation Attempt

Medium False Positive
ALR-00136 · 2026-07-08T17:14:56Z

Description

User 'n.clark' on WS-LAP-011 attempted to escalate to SYSTEM via token manipulation. EmilyAI Triage blocked the attempt.

Alert Metadata

Alert ID
ALR-00136
Timestamp
2026-07-08T17:14:56Z
Severity
Medium
Status
False Positive
Detection Source
EmilyAI Triage
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
WS-LAP-011
User Account
n.clark
Source IP
91.9.195.238
Destination IP
10.1.133.34
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Privilege Escalation
Technique
T1134
Reference
attack.mitre.org/techniques/T1134

Investigation Timeline

17:14:56 Event ingested by SOC365 Engine
17:14:58 EmilyAI triage started — correlation enrichment
17:15:01 EmilyAI confidence: 98% — escalated to human analyst
17:15:35 Alert assigned to analyst: Anika Patel
17:17:01 Investigation started — querying SIEM and threat intelligence
17:22:12 Containment action taken — endpoint isolated
17:33:46 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00206 1h ago Malware Signature Match Low Investigating WS-LAP-011
ALR-00167 2h ago Data Exfiltration Attempt Low Open WS-LAP-011
ALR-00426 4h ago Privilege Escalation Attempt Low Investigating WS-PC-006
ALR-00321 5h ago Unusual Outbound Traffic Medium False Positive WS-LAP-011
ALR-00071 8h ago Privilege Escalation Attempt Informational Escalated WS-LAP-010