Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live 18:05:21 UTC

Lateral Movement Detected

Low · Resolved
ALR-00180 · 2026-05-24T20:59:46Z

Description

Endpoint Agent detected lateral movement from WS-LAP-011 to SRV-DC-01 using user 'k.brown' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID
ALR-00180
Timestamp
2026-05-24T20:59:46Z
Severity
Low
Status
Resolved
Detection Source
Endpoint Agent
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-011
User Account
k.brown
Source IP
194.134.62.7
Destination IP
10.1.133.44
Origin Country
FR France

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1021.002
Reference
attack.mitre.org/techniques/T1021.002

Investigation Timeline

20:59:46 Event ingested by SOC365 Engine
20:59:47 EmilyAI triage started — correlation enrichment
21:00:01 EmilyAI confidence: 88% — escalated to human analyst
21:00:19 Alert assigned to analyst: EmilyAI (auto)
21:02:07 Investigation started — querying SIEM and threat intelligence
21:03:39 Containment action taken — endpoint isolated
21:18:01 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00239 | 17m ago | Suspicious PowerShell Execution | Informational | False Positive | WS-LAP-011
ALR-00304 | 2h ago | Credential Stuffing Attempt | Medium | Investigating | WS-LAP-011
ALR-00421 | 1d ago | Tor Exit Node Connection | Informational | Open | WS-LAP-011
ALR-00269 | 1d ago | Rogue DHCP Server | Low | Resolved | WS-LAP-011
ALR-00178 | 1d ago | Lateral Movement Detected | Medium | Open | WS-LAP-011