Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 14:10:27 UTC

Kerberoasting Attempt

Critical · Investigating
ALR-00219 · 2026-04-08T09:13:20Z

Description

Kerberoasting attack detected: user 's.jones' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Endpoint Agent.

Alert Metadata

Alert ID: ALR-00219
Timestamp: 2026-04-08T09:13:20Z
Severity: Critical
Status: Investigating
Detection Source: Endpoint Agent
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: WS-PC-002
User Account: s.jones
Source IP: 185.95.220.83
Destination IP: 10.2.110.105
Origin Country: RU Russia

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1558.003
Reference: attack.mitre.org/techniques/T1558.003

Investigation Timeline

09:13:20 Event ingested by SOC365 Engine
09:13:25 EmilyAI triage started — correlation enrichment
09:13:34 EmilyAI confidence: 79% — escalated to human analyst
09:13:55 Alert assigned to analyst: Anika Patel
09:14:49 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00023 | 16h ago | Lateral Movement Detected | Medium | False Positive | WS-PC-002
ALR-00383 | 1d ago | Kerberoasting Attempt | Low | Open | WS-LAP-012
ALR-00401 | 1d ago | Privilege Escalation Attempt | Informational | False Positive | WS-PC-002
ALR-00083 | 1d ago | Kerberoasting Attempt | High | Escalated | SRV-APP-01
ALR-00296 | 1d ago | Kerberoasting Attempt | High | Investigating | WS-PC-006