Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:44:00 UTC

Lateral Movement Detected

Informational False Positive
ALR-00209 · 2026-07-09T23:26:49Z

Description

Attack Surface Scanner detected lateral movement from SRV-MAIL-01 to SRV-DC-01 using user 'd.walker' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID
ALR-00209
Timestamp
2026-07-09T23:26:49Z
Severity
Informational
Status
False Positive
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-MAIL-01
User Account
d.walker
Source IP
45.65.148.172
Destination IP
10.0.161.90
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1021.002
Reference
attack.mitre.org/techniques/T1021.002

Investigation Timeline

23:26:49 Event ingested by SOC365 Engine
23:26:51 EmilyAI triage started — correlation enrichment
23:27:02 EmilyAI confidence: 98% — escalated to human analyst
23:27:33 Alert assigned to analyst: EmilyAI (auto)
23:28:06 Investigation started — querying SIEM and threat intelligence
23:32:05 Containment action taken — endpoint isolated
23:42:07 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00480 5h ago Lateral Movement Detected Medium False Positive WS-PC-001
ALR-00261 5h ago Lateral Movement Detected Medium Resolved SRV-APP-01
ALR-00274 18h ago Privilege Escalation Attempt Low Open SRV-MAIL-01
ALR-00054 23h ago Lateral Movement Detected Medium Open SRV-APP-01
ALR-00081 1d ago Brute Force SSH Low Investigating SRV-MAIL-01