Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:21:32 UTC

Lateral Movement Detected

Low · Resolved
ALR-00199 · 2026-04-10T16:19:50Z

Description

SOC365 Engine detected lateral movement from SRV-MAIL-01 to SRV-DC-01 using the credentials of user 'r.davies'. SMB admin shares were accessed.

Alert Metadata

Alert ID: ALR-00199
Timestamp: 2026-04-10T16:19:50Z
Severity: Low
Status: Resolved
Detection Source: SOC365 Engine
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-MAIL-01
User Account: r.davies
Source IP: 185.109.220.152
Destination IP: 10.0.237.151
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

16:19:50 Event ingested by SOC365 Engine
16:19:53 EmilyAI triage started — correlation enrichment
16:20:00 EmilyAI confidence: 95% — escalated to human analyst
16:20:32 Alert assigned to analyst: EmilyAI (auto)
16:20:59 Investigation started — querying SIEM and threat intelligence
16:27:19 Containment action taken — endpoint isolated
16:30:48 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity  Status          Host
ALR-00227  5h ago   Lateral Movement Detected  Medium    False Positive  WS-PC-001
ALR-00456  10h ago  Lateral Movement Detected  Medium    Investigating   VM-DEV-01
ALR-00202  11h ago  Lateral Movement Detected  Low       Resolved        SW-CORE-01
ALR-00175  14h ago  Malware Signature Match    Low       Resolved        SRV-MAIL-01
ALR-00019  23h ago  Phishing Email Blocked     Medium    Investigating   SRV-MAIL-01