Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live 15:52:19 UTC

Privilege Escalation Attempt

Medium · Escalated
ALR-00237 · 2026-05-23T11:00:15Z

Description

User account 'j.smith' on SRV-MAIL-01 attempted to escalate privileges to SYSTEM via access token manipulation. The attempt was blocked by the detection source, Email Gateway.

Alert Metadata

Alert ID: ALR-00237
Timestamp: 2026-05-23T11:00:15Z
Severity: Medium
Status: Escalated
Detection Source: Email Gateway
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-MAIL-01
User Account: j.smith
Source IP: 185.233.220.211
Destination IP: 10.3.134.165
Origin Country: United States (US)

MITRE ATT&CK Mapping

Tactic: Privilege Escalation
Technique: T1134 (Access Token Manipulation)
Reference: attack.mitre.org/techniques/T1134

Investigation Timeline

11:00:15 Event ingested by SOC365 Engine
11:00:17 EmilyAI triage started — correlation enrichment
11:00:26 EmilyAI confidence: 96% — escalated to human analyst
11:00:35 Alert assigned to analyst: Sarah Chen
11:02:06 Investigation started — querying SIEM and threat intelligence
11:09:59 Containment action taken — endpoint isolated
11:15:53 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                         Severity       Status         Host
ALR-00279   49m ago  Privilege Escalation Attempt  Informational  Escalated      SRV-SQL-01
ALR-00447   5h ago   Malware Signature Match       Low            Resolved       SRV-MAIL-01
ALR-00386   7h ago   Port Scan Detected            Low            Resolved       SRV-MAIL-01
ALR-00406   8h ago   Unauthorised USB Device       Medium         Investigating  SRV-MAIL-01
ALR-00095   14h ago  Insider Threat Indicator      High           Escalated      SRV-MAIL-01
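The timeline's "correlation enrichment" step and the related-alerts table above show what a triage engine does with a new alert but not how. The block below is an added example, not SOC365 or EmilyAI code: it scores a new alert by its own severity plus the severities of earlier alerts on the same host inside a look-back window, and escalates to a human once a threshold is reached. The severity weights, the 24-hour window, the threshold of 5, the function names `related_alerts` and `triage`, and the constructed alert records (timestamps approximated from the dashboard's relative ages, plus a control alert 'ALR-TEST01' on an assumed host 'SRV-FILE-01') are all assumptions for illustration, not values taken from the dashboard.

```python
"""Host-centric alert correlation for triage.

Added example, not SOC365 or EmilyAI code. Weights, window, threshold
and all alert records are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed weights: one point per severity step above Informational.
SEVERITY_WEIGHT = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
LOOKBACK = timedelta(hours=24)   # assumed correlation window
ESCALATE_AT = 5                  # assumed score at which a human is paged


@dataclass(frozen=True)
class Alert:
    alert_id: str
    ts: datetime          # timezone-aware UTC
    name: str
    severity: str
    host: str


def related_alerts(alert, history, lookback=LOOKBACK):
    """Earlier alerts on the same host within the look-back window.

    Later alerts and alerts on other hosts are excluded, so a noisy host
    elsewhere in the estate cannot inflate this alert's score.
    """
    start = alert.ts - lookback
    return [h for h in history
            if h.host == alert.host
            and h.alert_id != alert.alert_id
            and start <= h.ts <= alert.ts]


def triage(alert, history):
    """Score = own weight + weights of related alerts; escalate at the threshold."""
    related = related_alerts(alert, history)
    score = SEVERITY_WEIGHT[alert.severity] + sum(SEVERITY_WEIGHT[r.severity] for r in related)
    return {
        "alert_id": alert.alert_id,
        "score": score,
        "related": [r.alert_id for r in related],
        "decision": "escalate" if score >= ESCALATE_AT else "queue",
    }


def _utc(hour, minute, second=0):
    return datetime(2026, 5, 23, hour, minute, second, tzinfo=timezone.utc)


# Constructed records mirroring the dashboard's related-alerts table. Times
# are derived from its "5h ago" style ages against the 15:52 UTC clock, so
# they are approximate, not the real event timestamps.
HISTORY = [
    Alert("ALR-00279", _utc(15, 3), "Privilege Escalation Attempt", "Informational", "SRV-SQL-01"),
    Alert("ALR-00447", _utc(10, 52), "Malware Signature Match", "Low", "SRV-MAIL-01"),
    Alert("ALR-00386", _utc(8, 52), "Port Scan Detected", "Low", "SRV-MAIL-01"),
    Alert("ALR-00406", _utc(7, 52), "Unauthorised USB Device", "Medium", "SRV-MAIL-01"),
    Alert("ALR-00095", _utc(1, 52), "Insider Threat Indicator", "High", "SRV-MAIL-01"),
]

# The alert on this page.
CURRENT = Alert("ALR-00237", _utc(11, 0, 15), "Privilege Escalation Attempt", "Medium", "SRV-MAIL-01")

# Constructed control case: same alert, same severity, on a host with no history.
QUIET = Alert("ALR-TEST01", _utc(11, 0, 15), "Privilege Escalation Attempt", "Medium", "SRV-FILE-01")


def demo():
    """Return the triage results for the noisy host and the quiet host."""
    return triage(CURRENT, HISTORY), triage(QUIET, HISTORY)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

With these assumed weights the four earlier SRV-MAIL-01 alerts add 7 points to the Medium alert's own 2, so it clears the threshold and is escalated, while the identical alert on a quiet host stays queued. That is the practical reason a medium-severity event on an already noisy host reaches an analyst within seconds, as the timeline shows; in a real engine the window and weights are tuned against the SIEM's alert store, and the 49-minute-old SRV-SQL-01 alert is correctly ignored both because it is on another host and because it post-dates the event.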