Lateral Movement Detected
Low
Open
ALR-00340 · 2026-07-09T09:32:57Z
Description
Dark Web Monitor detected lateral movement from WS-PC-003 to SRV-DC-01 using user 'a.wilson' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:32:57
Event ingested by SOC365 Engine
09:33:00
EmilyAI triage started — correlation enrichment
09:33:06
EmilyAI confidence: 84% — escalated to human analyst
09:33:36
Alert assigned to analyst: EmilyAI (auto)
09:34:21
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00108 | 4h ago | DLP Policy Violation | Medium | Escalated | WS-PC-003 |
| ALR-00385 | 13h ago | Lateral Movement Detected | Informational | Investigating | WS-MAC-005 |
| ALR-00002 | 17h ago | Lateral Movement Detected | Informational | Escalated | SRV-DC-01 |
| ALR-00173 | 17h ago | Lateral Movement Detected | Low | Escalated | WS-PC-002 |
| ALR-00237 | 1d ago | Brute Force SSH | Low | Open | WS-PC-003 |