Privilege Escalation Attempt
Medium
Resolved
ALR-00280 · 2026-07-06T05:54:32Z
Description
User 's.jones' on SRV-BACKUP-01 attempted to escalate to SYSTEM via token manipulation. Email Gateway blocked the attempt.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
05:54:32
Event ingested by SOC365 Engine
05:54:37
EmilyAI triage started — correlation enrichment
05:54:40
EmilyAI confidence: 84% — escalated to human analyst
05:54:54
Alert assigned to analyst: Emma Richardson
05:57:30
Investigation started — querying SIEM and threat intelligence
05:58:24
Containment action taken — endpoint isolated
06:07:38
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00426 | 4h ago | Privilege Escalation Attempt | Low | Investigating | WS-PC-006 |
| ALR-00071 | 8h ago | Privilege Escalation Attempt | Informational | Escalated | WS-LAP-010 |
| ALR-00310 | 8h ago | Malware Signature Match | Critical | Investigating | SRV-BACKUP-01 |
| ALR-00233 | 12h ago | Suspicious Scheduled Task | Low | False Positive | SRV-BACKUP-01 |
| ALR-00070 | 14h ago | Unauthorised USB Device | Medium | Escalated | SRV-BACKUP-01 |