Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 15:24:42 UTC

Lateral Movement Detected

Low Resolved
ALR-00174 · 2026-04-07T00:06:09Z

Description

Firewall detected lateral movement from WS-LAP-011 to SRV-DC-01 using user 'm.taylor' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID
ALR-00174
Timestamp
2026-04-07T00:06:09Z
Severity
Low
Status
Resolved
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-011
User Account
m.taylor
Source IP
91.214.195.168
Destination IP
10.3.172.254
Origin Country
CN China

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1021.002
Reference
attack.mitre.org/techniques/T1021.002

Investigation Timeline

00:06:09 Event ingested by SOC365 Engine
00:06:14 EmilyAI triage started — correlation enrichment
00:06:15 EmilyAI confidence: 87% — escalated to human analyst
00:06:39 Alert assigned to analyst: EmilyAI (auto)
00:08:36 Investigation started — querying SIEM and threat intelligence
00:13:31 Containment action taken — endpoint isolated
00:20:26 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00027 3h ago Unusual Outbound Traffic Medium False Positive WS-LAP-011
ALR-00171 4h ago Lateral Movement Detected Medium Open SRV-MAIL-01
ALR-00316 9h ago Lateral Movement Detected High Open SRV-MAIL-01
ALR-00448 9h ago C2 Beacon Activity Informational Open WS-LAP-011
ALR-00233 12h ago Lateral Movement Detected Informational False Positive WS-PC-001