Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:26:06 UTC

Pass-the-Hash Detected

Low Escalated
ALR-00266 · 2026-05-23T23:15:17Z

Description

Pass-the-Hash technique detected on WS-LAP-011. NTLM authentication from 'j.smith' without standard Kerberos ticket. EmilyAI Triage flagged.

Alert Metadata

Alert ID: ALR-00266
Timestamp: 2026-05-23T23:15:17Z
Severity: Low
Status: Escalated
Detection Source: EmilyAI Triage
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-LAP-011
User Account: j.smith
Source IP: 194.182.62.208
Destination IP: 10.2.194.246
Origin Country: Vietnam (VN)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

23:15:17 Event ingested by SOC365 Engine
23:15:18 EmilyAI triage started — correlation enrichment
23:15:32 EmilyAI confidence: 90% — escalated to human analyst
23:15:45 Alert assigned to analyst: EmilyAI (auto)
23:16:44 Investigation started — querying SIEM and threat intelligence
23:23:45 Containment action taken — endpoint isolated
23:26:35 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                    Severity       Status          Host
ALR-00024  25m ago  Pass-the-Hash Detected   Medium         False Positive  WS-PC-003
ALR-00423  16h ago  Pass-the-Hash Detected   Medium         False Positive  SW-CORE-01
ALR-00070  18h ago  Pass-the-Hash Detected   Informational  Escalated       WS-PC-002
ALR-00020  22h ago  Pass-the-Hash Detected   Low            Escalated       SRV-BACKUP-01
ALR-00148  22h ago  Unauthorised USB Device  Informational  Escalated       WS-LAP-011