Kerberoasting Attempt
High
Open
ALR-00149 · 2026-07-10T16:05:05Z
Description
Kerberoasting attack detected: user 's.jones' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Network IDS.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:05:05
Event ingested by SOC365 Engine
16:05:10
EmilyAI triage started — correlation enrichment
16:05:15
EmilyAI confidence: 98% — escalated to human analyst
16:05:29
Alert assigned to analyst: Marcus Webb
16:07:46
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00017 | 9m ago | Suspicious Scheduled Task | Medium | Investigating | VM-DEV-01 |
| ALR-00091 | 56m ago | Ransomware Behaviour Detected | Low | False Positive | VM-DEV-01 |
| ALR-00114 | 1h ago | Privilege Escalation Attempt | Low | Escalated | VM-DEV-01 |
| ALR-00420 | 7h ago | Kerberoasting Attempt | High | Investigating | VM-DEV-01 |
| ALR-00214 | 12h ago | Ransomware Behaviour Detected | Medium | Escalated | VM-DEV-01 |