Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:09:15 UTC

Pass-the-Hash Detected

Informational Resolved
ALR-00203 · 2026-05-25T04:14:28Z

Description

Pass-the-Hash technique detected on WS-PC-002. NTLM authentication from 's.jones' without standard Kerberos ticket. Cloud Connector flagged.

Alert Metadata

Alert ID: ALR-00203
Timestamp: 2026-05-25T04:14:28Z
Severity: Informational
Status: Resolved
Detection Source: Cloud Connector
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-002
User Account: s.jones
Source IP: 91.168.195.92
Destination IP: 10.1.116.130
Origin Country: NL Netherlands

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

04:14:28 Event ingested by SOC365 Engine
04:14:31 EmilyAI triage started — correlation enrichment
04:14:36 EmilyAI confidence: 84% — escalated to human analyst
04:14:55 Alert assigned to analyst: EmilyAI (auto)
04:16:29 Investigation started — querying SIEM and threat intelligence
04:23:43 Containment action taken — endpoint isolated
04:26:59 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00112 | 4h ago | Lateral Movement Detected | Informational | Escalated | WS-PC-002
ALR-00408 | 4h ago | Pass-the-Hash Detected | Low | Investigating | SRV-MAIL-01
ALR-00309 | 9h ago | Pass-the-Hash Detected | Low | Open | WS-PC-004
ALR-00412 | 16h ago | Pass-the-Hash Detected | Low | Escalated | SRV-DC-01
ALR-00053 | 23h ago | Ransomware Behaviour Detected | Low | False Positive | WS-PC-002