Lateral Movement Detected
Medium
Resolved
ALR-00237 · 2026-07-07T16:13:02Z
Description
Firewall detected lateral movement from WS-LAP-010 to SRV-DC-01 using user 'e.evans' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:13:02
Event ingested by SOC365 Engine
16:13:06
EmilyAI triage started — correlation enrichment
16:13:09
EmilyAI confidence: 93% — escalated to human analyst
16:13:39
Alert assigned to analyst: Marcus Webb
16:15:07
Investigation started — querying SIEM and threat intelligence
16:22:27
Containment action taken — endpoint isolated
16:26:48
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00221 | 55m ago | Lateral Movement Detected | Medium | False Positive | VM-DEV-01 |
| ALR-00053 | 1h ago | Lateral Movement Detected | Informational | False Positive | SRV-DC-01 |
| ALR-00490 | 10h ago | Lateral Movement Detected | Low | Investigating | WS-MAC-005 |
| ALR-00357 | 13h ago | Unauthorised USB Device | Medium | Investigating | WS-LAP-010 |
| ALR-00112 | 16h ago | DLP Policy Violation | Medium | Resolved | WS-LAP-010 |