Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:44:06 UTC

Privilege Escalation Attempt

Informational Open
ALR-00267 · 2026-07-05T17:49:32Z

Description

User 'n.clark' on WS-PC-003 attempted to escalate to SYSTEM via token manipulation. DLP Module blocked the attempt.

Alert Metadata

Alert ID
ALR-00267
Timestamp
2026-07-05T17:49:32Z
Severity
Informational
Status
Open
Detection Source
DLP Module
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-003
User Account
n.clark
Source IP
45.191.148.31
Destination IP
10.2.249.29
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Privilege Escalation
Technique
T1134
Reference
attack.mitre.org/techniques/T1134

Investigation Timeline

17:49:32 Event ingested by SOC365 Engine
17:49:34 EmilyAI triage started — correlation enrichment
17:49:38 EmilyAI confidence: 96% — escalated to human analyst
17:50:06 Alert assigned to analyst: EmilyAI (auto)
17:52:12 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00406 1h ago DLP Policy Violation Medium Escalated WS-PC-003
ALR-00249 8h ago Privilege Escalation Attempt Medium Resolved WS-PC-002
ALR-00359 12h ago Privilege Escalation Attempt Medium Investigating WS-PC-006
ALR-00103 13h ago Privilege Escalation Attempt Informational Resolved AP-WIFI-03
ALR-00274 18h ago Privilege Escalation Attempt Low Open SRV-MAIL-01