Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:45:28 UTC

Lateral Movement Detected

Medium False Positive
ALR-00298 · 2026-07-05T14:52:42Z

Description

EmilyAI Triage detected lateral movement from SRV-BACKUP-01 to SRV-DC-01 using user 's.jones' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID
ALR-00298
Timestamp
2026-07-05T14:52:42Z
Severity
Medium
Status
False Positive
Detection Source
EmilyAI Triage
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
s.jones
Source IP
194.120.62.9
Destination IP
10.2.215.39
Origin Country
NL Netherlands

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1021.002
Reference
attack.mitre.org/techniques/T1021.002

Investigation Timeline

14:52:42 Event ingested by SOC365 Engine
14:52:43 EmilyAI triage started — correlation enrichment
14:52:52 EmilyAI confidence: 95% — escalated to human analyst
14:53:09 Alert assigned to analyst: Emma Richardson
14:53:48 Investigation started — querying SIEM and threat intelligence
14:57:40 Containment action taken — endpoint isolated
15:11:46 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00170 50m ago Lateral Movement Detected Informational False Positive WS-PC-006
ALR-00216 1h ago Certificate Anomaly Medium False Positive SRV-BACKUP-01
ALR-00353 2h ago Port Scan Detected Low Escalated SRV-BACKUP-01
ALR-00224 3h ago Lateral Movement Detected High Open AP-WIFI-03
ALR-00429 5h ago Pass-the-Hash Detected Medium False Positive SRV-BACKUP-01