Lateral Movement Detected
High
Investigating
ALR-00219 · 2026-07-05T14:50:58Z
Description
Endpoint Agent detected lateral movement from SRV-DC-01 to SRV-DC-01 using user 'n.clark' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
14:50:58
Event ingested by SOC365 Engine
14:50:59
EmilyAI triage started — correlation enrichment
14:51:11
EmilyAI confidence: 84% — escalated to human analyst
14:51:18
Alert assigned to analyst: Anika Patel
14:52:31
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00410 | 8h ago | Lateral Movement Detected | Low | False Positive | FW-EDGE-01 |
| ALR-00190 | 13h ago | Unusual Outbound Traffic | Informational | Escalated | SRV-DC-01 |
| ALR-00132 | 15h ago | Anomalous DNS Query | Low | Escalated | SRV-DC-01 |
| ALR-00238 | 1d ago | Failed MFA Challenge | Low | Escalated | SRV-DC-01 |
| ALR-00097 | 1d ago | Tor Exit Node Connection | Low | Open | SRV-DC-01 |