Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:06:24 UTC

Privilege Escalation Attempt

Informational Open
ALR-00280 · 2026-05-24T09:48:29Z

Description

User 'r.davies' on AP-WIFI-03 attempted to escalate to SYSTEM via token manipulation. Firewall blocked the attempt.

Alert Metadata

Alert ID: ALR-00280
Timestamp: 2026-05-24T09:48:29Z
Severity: Informational
Status: Open
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: AP-WIFI-03
User Account: r.davies
Source IP: 194.232.62.38
Destination IP: 10.1.58.37
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Privilege Escalation
Technique: T1134
Reference: attack.mitre.org/techniques/T1134

Investigation Timeline

09:48:29 Event ingested by SOC365 Engine
09:48:32 EmilyAI triage started — correlation enrichment
09:48:43 EmilyAI confidence: 81% — escalated to human analyst
09:49:03 Alert assigned to analyst: EmilyAI (auto)
09:49:21 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00274 | 14m ago | Privilege Escalation Attempt | Medium | Open | SRV-MAIL-01
ALR-00036 | 10h ago | Privilege Escalation Attempt | High | Escalated | WS-PC-004
ALR-00288 | 12h ago | Suspicious PowerShell Execution | Low | Open | AP-WIFI-03
ALR-00383 | 14h ago | C2 Beacon Activity | High | Open | AP-WIFI-03
ALR-00290 | 15h ago | Privilege Escalation Attempt | Medium | False Positive | WS-PC-003