Lateral Movement Detected
Low
Investigating
ALR-00264 · 2026-07-07T07:54:31Z
Description
Dark Web Monitor detected lateral movement from WS-LAP-010 to SRV-DC-01 using user 'system' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
07:54:31
Event ingested by SOC365 Engine
07:54:32
EmilyAI triage started — correlation enrichment
07:54:37
EmilyAI confidence: 96% — escalated to human analyst
07:54:54
Alert assigned to analyst: EmilyAI (auto)
07:56:41
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00095 | 1h ago | Lateral Movement Detected | Low | Resolved | SRV-APP-01 |
| ALR-00065 | 3h ago | Shadow IT Discovery | Low | Open | WS-LAP-010 |
| ALR-00129 | 4h ago | Lateral Movement Detected | Low | Escalated | VM-DEV-01 |
| ALR-00085 | 15h ago | DecoyPulse Honeypot Triggered | Medium | Resolved | WS-LAP-010 |
| ALR-00422 | 17h ago | Tor Exit Node Connection | Critical | Escalated | WS-LAP-010 |