Privilege Escalation Attempt
Low
Investigating
ALR-00349 · 2026-07-09T11:21:41Z
Description
User 'j.smith' on SRV-WEB-01 attempted to escalate to SYSTEM via token manipulation. Attack Surface Scanner blocked the attempt.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:21:41
Event ingested by SOC365 Engine
11:21:46
EmilyAI triage started — correlation enrichment
11:21:46
EmilyAI confidence: 88% — escalated to human analyst
11:22:08
Alert assigned to analyst: EmilyAI (auto)
11:22:49
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00378 | 2h ago | Suspicious PowerShell Execution | Informational | Open | SRV-WEB-01 |
| ALR-00418 | 3h ago | Privilege Escalation Attempt | Critical | Open | SRV-MAIL-01 |
| ALR-00228 | 7h ago | Lateral Movement Detected | Low | Investigating | SRV-WEB-01 |
| ALR-00182 | 20h ago | C2 Beacon Activity | High | Investigating | SRV-WEB-01 |
| ALR-00304 | 22h ago | Lateral Movement Detected | Informational | False Positive | SRV-WEB-01 |