Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:36:36 UTC

Kerberoasting Attempt

Low Escalated
ALR-00299 · 2026-07-09T09:58:00Z

Description

Kerberoasting attack detected: user 'l.johnson' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Network IDS.

Alert Metadata

Alert ID
ALR-00299
Timestamp
2026-07-09T09:58:00Z
Severity
Low
Status
Escalated
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-MAC-005
User Account
l.johnson
Source IP
103.18.216.237
Destination IP
10.2.171.231
Origin Country
VN Vietnam

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1558.003
Reference
attack.mitre.org/techniques/T1558.003

Investigation Timeline

09:58:00 Event ingested by SOC365 Engine
09:58:01 EmilyAI triage started — correlation enrichment
09:58:05 EmilyAI confidence: 79% — escalated to human analyst
09:58:28 Alert assigned to analyst: EmilyAI (auto)
09:58:53 Investigation started — querying SIEM and threat intelligence
10:03:17 Containment action taken — endpoint isolated
10:16:00 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00354 27m ago Kerberoasting Attempt Medium False Positive SW-CORE-01
ALR-00270 2h ago Kerberoasting Attempt Low Open SRV-WEB-01
ALR-00352 7h ago Tor Exit Node Connection High Escalated WS-MAC-005
ALR-00433 14h ago Kerberoasting Attempt Low Resolved WS-LAP-010
ALR-00298 15h ago Kerberoasting Attempt Low Investigating AP-WIFI-03