Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live · 15:20:13 UTC

Lateral Movement Detected

Severity: Medium · Status: Escalated
ALR-00155 · 2026-04-09T23:20:49Z

Description

Cloud Connector detected lateral movement from SRV-FILE-01 to SRV-DC-01 using user 'k.brown' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00155
Timestamp: 2026-04-09T23:20:49Z
Severity: Medium
Status: Escalated
Detection Source: Cloud Connector
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: SRV-FILE-01
User Account: k.brown
Source IP: 45.143.148.79
Destination IP: 10.3.13.185
Origin Country: UA (Ukraine)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

23:20:49 Event ingested by SOC365 Engine
23:20:50 EmilyAI triage started — correlation enrichment
23:20:59 EmilyAI confidence: 82% — escalated to human analyst
23:21:09 Alert assigned to analyst: Emma Richardson
23:22:28 Investigation started — querying SIEM and threat intelligence
23:26:08 Containment action taken — endpoint isolated
23:38:11 Alert resolved — remediation complete

Related Alerts

ID        | Time   | Alert                        | Severity | Status        | Host
----------|--------|------------------------------|----------|---------------|------------
ALR-00142 | 14h ago | Lateral Movement Detected   | Low      | Investigating | SRV-DC-01
ALR-00453 | 16h ago | DecoyPulse Honeypot Triggered | High   | Escalated     | SRV-FILE-01
ALR-00351 | 1d ago | Brute Force SSH              | Low      | Investigating | SRV-FILE-01
ALR-00185 | 1d ago | Privilege Escalation Attempt | Low      | Resolved      | SRV-FILE-01
ALR-00222 | 1d ago | Port Scan Detected           | Low      | Open          | SRV-FILE-01