Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:27:33 UTC

Lateral Movement Detected

High Escalated
ALR-00160 · 2026-04-09T23:16:45Z

Description

DLP Module detected lateral movement from FW-EDGE-01 to SRV-DC-01 using user 'system' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00160
Timestamp: 2026-04-09T23:16:45Z
Severity: High
Status: Escalated
Detection Source: DLP Module
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: FW-EDGE-01
User Account: system
Source IP: 45.2.148.29
Destination IP: 10.1.91.164
Origin Country: CN (China)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

23:16:45 Event ingested by SOC365 Engine
23:16:49 EmilyAI triage started — correlation enrichment
23:16:58 EmilyAI confidence: 97% — escalated to human analyst
23:17:06 Alert assigned to analyst: Marcus Webb
23:18:47 Investigation started — querying SIEM and threat intelligence
23:21:38 Containment action taken — endpoint isolated
23:34:03 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00245  14h ago  Lateral Movement Detected      Low            Escalated       WS-LAP-011
ALR-00368  21h ago  Lateral Movement Detected      Low            False Positive  WS-LAP-011
ALR-00384  23h ago  Lateral Movement Detected      Informational  Investigating   SRV-SQL-01
ALR-00177  23h ago  Ransomware Behaviour Detected  Informational  False Positive  FW-EDGE-01
ALR-00448  1d ago   Lateral Movement Detected      Medium         False Positive  WS-LAP-012