Pass-the-Hash Detected
Informational
Resolved
ALR-00193 · 2026-07-11T17:54:20Z
Description
Pass-the-Hash technique detected on SRV-SQL-01. NTLM authentication from 'r.davies' without standard Kerberos ticket. SOC365 Engine flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:54:20
Event ingested by SOC365 Engine
17:54:21
EmilyAI triage started — correlation enrichment
17:54:28
EmilyAI confidence: 78% — escalated to human analyst
17:54:45
Alert assigned to analyst: EmilyAI (auto)
17:56:18
Investigation started — querying SIEM and threat intelligence
17:57:32
Containment action taken — endpoint isolated
18:12:08
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00429 | 5h ago | Pass-the-Hash Detected | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00287 | 12h ago | C2 Beacon Activity | Medium | Escalated | SRV-SQL-01 |
| ALR-00286 | 14h ago | Pass-the-Hash Detected | Low | Investigating | WS-LAP-011 |
| ALR-00129 | 16h ago | Pass-the-Hash Detected | Low | Investigating | WS-PC-003 |
| ALR-00291 | 18h ago | Credential Stuffing Attempt | Critical | Escalated | SRV-SQL-01 |