Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 22:00:01 UTC

Privilege Escalation Attempt

Critical Open
ALR-00317 · 2026-07-07T17:55:26Z

Description

User 'r.davies' on SW-CORE-01 attempted to escalate to SYSTEM via token manipulation. Endpoint Agent blocked the attempt.

Alert Metadata

Alert ID
ALR-00317
Timestamp
2026-07-07T17:55:26Z
Severity
Critical
Status
Open
Detection Source
Endpoint Agent
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
SW-CORE-01
User Account
r.davies
Source IP
91.7.195.60
Destination IP
10.2.156.2
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Privilege Escalation
Technique
T1134
Reference
attack.mitre.org/techniques/T1134

Investigation Timeline

17:55:26 Event ingested by SOC365 Engine
17:55:28 EmilyAI triage started — correlation enrichment
17:55:36 EmilyAI confidence: 89% — escalated to human analyst
17:55:54 Alert assigned to analyst: Anika Patel
17:57:20 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00171 44m ago Failed MFA Challenge Low Open SW-CORE-01
ALR-00083 6h ago Rogue DHCP Server Low False Positive SW-CORE-01
ALR-00276 7h ago Unusual Outbound Traffic Medium Escalated SW-CORE-01
ALR-00432 9h ago DecoyPulse Honeypot Triggered High Escalated SW-CORE-01
ALR-00190 9h ago Suspicious Scheduled Task Medium Resolved SW-CORE-01