Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:35:54 UTC

Privilege Escalation Attempt

Medium Resolved
ALR-00280 · 2026-07-06T05:54:32Z

Description

User 's.jones' on SRV-BACKUP-01 attempted to escalate to SYSTEM via token manipulation. Email Gateway blocked the attempt.

Alert Metadata

Alert ID
ALR-00280
Timestamp
2026-07-06T05:54:32Z
Severity
Medium
Status
Resolved
Detection Source
Email Gateway
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
s.jones
Source IP
45.195.148.204
Destination IP
10.1.136.28
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Privilege Escalation
Technique
T1134
Reference
attack.mitre.org/techniques/T1134

Investigation Timeline

05:54:32 Event ingested by SOC365 Engine
05:54:37 EmilyAI triage started — correlation enrichment
05:54:40 EmilyAI confidence: 84% — escalated to human analyst
05:54:54 Alert assigned to analyst: Emma Richardson
05:57:30 Investigation started — querying SIEM and threat intelligence
05:58:24 Containment action taken — endpoint isolated
06:07:38 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00426 4h ago Privilege Escalation Attempt Low Investigating WS-PC-006
ALR-00071 8h ago Privilege Escalation Attempt Informational Escalated WS-LAP-010
ALR-00310 8h ago Malware Signature Match Critical Investigating SRV-BACKUP-01
ALR-00233 12h ago Suspicious Scheduled Task Low False Positive SRV-BACKUP-01
ALR-00070 14h ago Unauthorised USB Device Medium Escalated SRV-BACKUP-01