Pass-the-Hash Detected
Medium
Open
ALR-00243 · 2026-05-24T16:45:19Z
Description
Pass-the-Hash technique detected on FW-EDGE-01. NTLM authentication from 'j.smith' without standard Kerberos ticket. Dark Web Monitor flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:45:19
Event ingested by SOC365 Engine
16:45:23
EmilyAI triage started — correlation enrichment
16:45:27
EmilyAI confidence: 94% — escalated to human analyst
16:46:03
Alert assigned to analyst: Marcus Webb
16:46:05
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00414 | 10h ago | Certificate Anomaly | High | Escalated | FW-EDGE-01 |
| ALR-00449 | 11h ago | Suspicious Scheduled Task | Informational | Escalated | FW-EDGE-01 |
| ALR-00374 | 12h ago | Pass-the-Hash Detected | Low | Resolved | WS-PC-006 |
| ALR-00196 | 14h ago | Pass-the-Hash Detected | Informational | Resolved | SRV-BACKUP-01 |
| ALR-00113 | 15h ago | Pass-the-Hash Detected | Informational | Open | SRV-BACKUP-01 |