Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 20:13:05 UTC

Pass-the-Hash Detected

Medium False Positive
ALR-00246 · 2026-05-24T12:54:02Z

Description

Pass-the-Hash technique detected on SRV-BACKUP-01. NTLM authentication from 'f.hall' without standard Kerberos ticket. DecoyPulse flagged.

Alert Metadata

Alert ID: ALR-00246
Timestamp: 2026-05-24T12:54:02Z
Severity: Medium
Status: False Positive
Detection Source: DecoyPulse
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: f.hall
Source IP: 45.168.148.137
Destination IP: 10.2.246.237
Origin Country: India (IN)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

12:54:02 Event ingested by SOC365 Engine
12:54:06 EmilyAI triage started — correlation enrichment
12:54:10 EmilyAI confidence: 79% — escalated to human analyst
12:54:31 Alert assigned to analyst: Anika Patel
12:56:25 Investigation started — querying SIEM and threat intelligence
12:59:07 Containment action taken — endpoint isolated
13:09:21 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                   Severity       Status          Host
ALR-00205  1h ago   Pass-the-Hash Detected  Low            False Positive  SRV-FILE-01
ALR-00009  3h ago   Phishing Email Blocked  High           Open            SRV-BACKUP-01
ALR-00454  10h ago  Pass-the-Hash Detected  Medium         Open            SRV-APP-01
ALR-00411  17h ago  Pass-the-Hash Detected  Informational  Investigating   SRV-APP-01
ALR-00166  20h ago  Brute Force SSH         Critical       Open            SRV-BACKUP-01