Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:27:33 UTC

Lateral Movement Detected

Severity: Medium · Status: Escalated
ALR-00349 · 2026-04-10T13:12:36Z

Description

DLP Module detected lateral movement from AP-WIFI-03 to SRV-DC-01 using user 'system' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00349
Timestamp: 2026-04-10T13:12:36Z
Severity: Medium
Status: Escalated
Detection Source: DLP Module
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: AP-WIFI-03
User Account: system
Source IP: 185.191.220.116
Destination IP: 10.2.246.187
Origin Country: IN (India)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

13:12:36 Event ingested by SOC365 Engine
13:12:40 EmilyAI triage started — correlation enrichment
13:12:43 EmilyAI confidence: 87% — escalated to human analyst
13:13:09 Alert assigned to analyst: James Okonkwo
13:15:03 Investigation started — querying SIEM and threat intelligence
13:16:39 Containment action taken — endpoint isolated
13:23:49 Alert resolved — remediation complete

Related Alerts

ID        | Time    | Alert                         | Severity      | Status         | Host
ALR-00336 | 13h ago | DLP Policy Violation          | Medium        | Open           | AP-WIFI-03
ALR-00245 | 14h ago | Lateral Movement Detected     | Low           | Escalated      | WS-LAP-011
ALR-00236 | 17h ago | Ransomware Behaviour Detected | Low           | False Positive | AP-WIFI-03
ALR-00368 | 21h ago | Lateral Movement Detected     | Low           | False Positive | WS-LAP-011
ALR-00384 | 23h ago | Lateral Movement Detected     | Informational | Investigating  | SRV-SQL-01