Kerberoasting Attempt
Low
Open
ALR-00268 · 2026-07-05T03:00:40Z
Description
Kerberoasting attack detected: user 'e.evans' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Dark Web Monitor.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
03:00:40
Event ingested by SOC365 Engine
03:00:43
EmilyAI triage started — correlation enrichment
03:00:55
EmilyAI confidence: 98% — escalated to human analyst
03:01:10
Alert assigned to analyst: EmilyAI (auto)
03:01:58
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00125 | 1h ago | Certificate Anomaly | Low | Open | WS-PC-004 |
| ALR-00374 | 1h ago | Phishing Email Blocked | Medium | Resolved | WS-PC-004 |
| ALR-00193 | 3h ago | Kerberoasting Attempt | Low | Escalated | WS-PC-001 |
| ALR-00179 | 5h ago | DLP Policy Violation | Informational | False Positive | WS-PC-004 |
| ALR-00470 | 1d ago | Kerberoasting Attempt | Low | Resolved | SRV-FILE-01 |