Kerberoasting Attempt
Medium
Investigating
ALR-00224 · 2026-07-11T18:31:54Z
Description
Kerberoasting attack detected: user 'd.walker' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by SOC365 Engine.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
18:31:54
Event ingested by SOC365 Engine
18:31:58
EmilyAI triage started — correlation enrichment
18:32:04
EmilyAI confidence: 81% — escalated to human analyst
18:32:09
Alert assigned to analyst: Marcus Webb
18:33:38
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00050 | 1h ago | Suspicious Scheduled Task | High | Investigating | SRV-DC-01 |
| ALR-00363 | 2h ago | Kerberoasting Attempt | High | Open | WS-LAP-012 |
| ALR-00367 | 5h ago | Certificate Anomaly | High | Escalated | SRV-DC-01 |
| ALR-00129 | 8h ago | Kerberoasting Attempt | High | Investigating | VM-DEV-01 |
| ALR-00244 | 11h ago | Lateral Movement Detected | Informational | Investigating | SRV-DC-01 |