Pass-the-Hash Detected
Informational
Escalated
ALR-00216 · 2026-07-10T10:23:37Z
Description
Pass-the-Hash technique detected on SRV-MAIL-01. NTLM authentication from 'j.smith' without standard Kerberos ticket. DecoyPulse flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
10:23:37
Event ingested by SOC365 Engine
10:23:41
EmilyAI triage started — correlation enrichment
10:23:48
EmilyAI confidence: 80% — escalated to human analyst
10:24:08
Alert assigned to analyst: EmilyAI (auto)
10:24:54
Investigation started — querying SIEM and threat intelligence
10:28:31
Containment action taken — endpoint isolated
10:37:07
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00461 | 12m ago | Shadow IT Discovery | Medium | Escalated | SRV-MAIL-01 |
| ALR-00251 | 1h ago | Pass-the-Hash Detected | Medium | False Positive | WS-PC-003 |
| ALR-00082 | 3h ago | Pass-the-Hash Detected | High | Open | SRV-SQL-01 |
| ALR-00381 | 3h ago | Pass-the-Hash Detected | Informational | Open | WS-PC-002 |
| ALR-00368 | 9h ago | Suspicious PowerShell Execution | Medium | Open | SRV-MAIL-01 |