Pass-the-Hash Detected
High
Open
ALR-00218 · 2026-07-07T02:27:09Z
Description
Pass-the-Hash technique detected on WS-LAP-011. NTLM authentication from 'k.brown' without standard Kerberos ticket. Attack Surface Scanner flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
02:27:09
Event ingested by SOC365 Engine
02:27:14
EmilyAI triage started — correlation enrichment
02:27:19
EmilyAI confidence: 87% — escalated to human analyst
02:27:32
Alert assigned to analyst: Marcus Webb
02:28:27
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00033 | 4h ago | Pass-the-Hash Detected | Critical | Open | WS-PC-001 |
| ALR-00465 | 12h ago | Ransomware Behaviour Detected | Low | Open | WS-LAP-011 |
| ALR-00285 | 13h ago | Rogue DHCP Server | High | Investigating | WS-LAP-011 |
| ALR-00093 | 17h ago | Privilege Escalation Attempt | High | Escalated | WS-LAP-011 |
| ALR-00363 | 19h ago | Failed MFA Challenge | Low | Investigating | WS-LAP-011 |