Privilege Escalation Attempt
Critical
Open
ALR-00317 · 2026-07-07T17:55:26Z
Description
User 'r.davies' on SW-CORE-01 attempted to escalate to SYSTEM via token manipulation. Endpoint Agent blocked the attempt.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:55:26
Event ingested by SOC365 Engine
17:55:28
EmilyAI triage started — correlation enrichment
17:55:36
EmilyAI confidence: 89% — escalated to human analyst
17:55:54
Alert assigned to analyst: Anika Patel
17:57:20
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00171 | 44m ago | Failed MFA Challenge | Low | Open | SW-CORE-01 |
| ALR-00083 | 6h ago | Rogue DHCP Server | Low | False Positive | SW-CORE-01 |
| ALR-00276 | 7h ago | Unusual Outbound Traffic | Medium | Escalated | SW-CORE-01 |
| ALR-00432 | 9h ago | DecoyPulse Honeypot Triggered | High | Escalated | SW-CORE-01 |
| ALR-00190 | 9h ago | Suspicious Scheduled Task | Medium | Resolved | SW-CORE-01 |