Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:08:03 UTC

Lateral Movement Detected

Informational Escalated
ALR-00256 · 2026-05-25T06:08:06Z

Description

DecoyPulse detected lateral movement from SRV-DC-01 to SRV-DC-01 using user 'c.williams' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00256
Timestamp: 2026-05-25T06:08:06Z
Severity: Informational
Status: Escalated
Detection Source: DecoyPulse
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-DC-01
User Account: c.williams
Source IP: 91.111.195.164
Destination IP: 10.0.114.173
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

06:08:06 Event ingested by SOC365 Engine
06:08:08 EmilyAI triage started — correlation enrichment
06:08:15 EmilyAI confidence: 90% — escalated to human analyst
06:08:36 Alert assigned to analyst: EmilyAI (auto)
06:09:34 Investigation started — querying SIEM and threat intelligence
06:16:27 Containment action taken — endpoint isolated
06:25:49 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00016 | 1h ago | Lateral Movement Detected | Medium | Escalated | WS-LAP-010
ALR-00460 | 6h ago | Unusual Outbound Traffic | Low | Investigating | SRV-DC-01
ALR-00006 | 6h ago | DLP Policy Violation | Low | Investigating | SRV-DC-01
ALR-00230 | 17h ago | Rogue DHCP Server | Low | False Positive | SRV-DC-01
ALR-00065 | 1d ago | Kerberoasting Attempt | Medium | Escalated | SRV-DC-01