Lateral Movement Detected
Medium
Escalated
ALR-00275 · 2026-07-06T15:15:58Z
Description
Firewall detected lateral movement from WS-PC-002 to SRV-DC-01 using user 'd.walker' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:15:58
Event ingested by SOC365 Engine
15:16:02
EmilyAI triage started — correlation enrichment
15:16:07
EmilyAI confidence: 89% — escalated to human analyst
15:16:41
Alert assigned to analyst: Sarah Chen
15:17:31
Investigation started — querying SIEM and threat intelligence
15:20:31
Containment action taken — endpoint isolated
15:35:56
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00354 | 58m ago | Lateral Movement Detected | High | Investigating | SRV-BACKUP-01 |
| ALR-00096 | 3h ago | Failed MFA Challenge | High | Investigating | WS-PC-002 |
| ALR-00338 | 5h ago | Lateral Movement Detected | Low | Resolved | WS-MAC-005 |
| ALR-00060 | 8h ago | Tor Exit Node Connection | Low | Resolved | WS-PC-002 |
| ALR-00145 | 9h ago | Lateral Movement Detected | Low | Escalated | WS-PC-004 |