Lateral Movement Detected
Medium
False Positive
ALR-00298 · 2026-07-05T14:52:42Z
Description
EmilyAI Triage detected lateral movement from SRV-BACKUP-01 to SRV-DC-01 using user 's.jones' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
14:52:42
Event ingested by SOC365 Engine
14:52:43
EmilyAI triage started — correlation enrichment
14:52:52
EmilyAI confidence: 95% — escalated to human analyst
14:53:09
Alert assigned to analyst: Emma Richardson
14:53:48
Investigation started — querying SIEM and threat intelligence
14:57:40
Containment action taken — endpoint isolated
15:11:46
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00170 | 50m ago | Lateral Movement Detected | Informational | False Positive | WS-PC-006 |
| ALR-00216 | 1h ago | Certificate Anomaly | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00353 | 2h ago | Port Scan Detected | Low | Escalated | SRV-BACKUP-01 |
| ALR-00224 | 3h ago | Lateral Movement Detected | High | Open | AP-WIFI-03 |
| ALR-00429 | 5h ago | Pass-the-Hash Detected | Medium | False Positive | SRV-BACKUP-01 |