Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:20:56 UTC

Pass-the-Hash Detected

Critical · Open
ALR-00249 · 2026-04-06T05:20:00Z

Description

Pass-the-Hash technique detected on WS-MAC-005. NTLM authentication from 'r.davies' without standard Kerberos ticket. Network IDS flagged.

Alert Metadata

Alert ID: ALR-00249
Timestamp: 2026-04-06T05:20:00Z
Severity: Critical
Status: Open
Detection Source: Network IDS
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-MAC-005
User Account: r.davies
Source IP: 45.73.148.19
Destination IP: 10.1.86.93
Origin Country: United Kingdom (GB)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

05:20:00 Event ingested by SOC365 Engine
05:20:02 EmilyAI triage started — correlation enrichment
05:20:15 EmilyAI confidence: 80% — escalated to human analyst
05:20:20 Alert assigned to analyst: Marcus Webb
05:21:08 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                     Severity       Status          Host
ALR-00023  4h ago   Pass-the-Hash Detected    Low            Escalated       WS-LAP-012
ALR-00302  5h ago   Unusual Outbound Traffic  Medium         Resolved        WS-MAC-005
ALR-00296  11h ago  Pass-the-Hash Detected    Informational  Resolved        WS-LAP-010
ALR-00100  11h ago  Pass-the-Hash Detected    Informational  False Positive  SW-CORE-01
ALR-00149  12h ago  Unusual Outbound Traffic  Low            Open            WS-MAC-005