Kerberoasting Attempt
Medium
Investigating
ALR-00203 · 2026-07-10T08:17:17Z
Description
Kerberoasting attack detected: user 'a.wilson' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Cloud Connector.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
08:17:17
Event ingested by SOC365 Engine
08:17:21
EmilyAI triage started — correlation enrichment
08:17:26
EmilyAI confidence: 85% — escalated to human analyst
08:17:41
Alert assigned to analyst: Sarah Chen
08:18:19
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00262 | 36m ago | C2 Beacon Activity | Low | False Positive | WS-LAP-011 |
| ALR-00193 | 3h ago | Kerberoasting Attempt | Low | Escalated | WS-PC-001 |
| ALR-00062 | 4h ago | Anomalous DNS Query | Informational | Resolved | WS-LAP-011 |
| ALR-00107 | 12h ago | Suspicious Scheduled Task | Low | Resolved | WS-LAP-011 |
| ALR-00484 | 14h ago | Unusual Outbound Traffic | Medium | Investigating | WS-LAP-011 |