Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:01:58 UTC

Kerberoasting Attempt

Low Resolved
ALR-00350 · 2026-05-26T07:00:12Z

Description

Kerberoasting attack detected: user 'c.williams' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Network IDS.

Alert Metadata

Alert ID: ALR-00350
Timestamp: 2026-05-26T07:00:12Z
Severity: Low
Status: Resolved
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: c.williams
Source IP: 45.106.148.233
Destination IP: 10.1.13.142
Origin Country: United Kingdom (GB)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1558.003
Reference: attack.mitre.org/techniques/T1558.003

Investigation Timeline

07:00:12 Event ingested by SOC365 Engine
07:00:14 EmilyAI triage started — correlation enrichment
07:00:20 EmilyAI confidence: 96% — escalated to human analyst
07:00:44 Alert assigned to analyst: EmilyAI (auto)
07:01:55 Investigation started — querying SIEM and threat intelligence
07:05:09 Containment action taken — endpoint isolated
07:18:28 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00342 | 2m ago | Kerberoasting Attempt | Low | Resolved | SRV-APP-01
ALR-00464 | 3h ago | Kerberoasting Attempt | Low | Investigating | AP-WIFI-03
ALR-00016 | 14h ago | Kerberoasting Attempt | High | Investigating | SRV-FILE-01
ALR-00466 | 16h ago | Certificate Anomaly | Informational | Open | SRV-BACKUP-01
ALR-00026 | 17h ago | Privilege Escalation Attempt | High | Escalated | SRV-BACKUP-01