Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:01:57 UTC

Pass-the-Hash Detected

Low Investigating
ALR-00370 · 2026-05-26T06:33:15Z

Description

Pass-the-Hash technique detected on SW-CORE-01. NTLM authentication from 'r.davies' without standard Kerberos ticket. DLP Module flagged.

Alert Metadata

Alert ID: ALR-00370
Timestamp: 2026-05-26T06:33:15Z
Severity: Low
Status: Investigating
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SW-CORE-01
User Account: r.davies
Source IP: 45.124.148.112
Destination IP: 10.3.39.134
Origin Country: BR Brazil

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

06:33:15 Event ingested by SOC365 Engine
06:33:17 EmilyAI triage started — correlation enrichment
06:33:23 EmilyAI confidence: 89% — escalated to human analyst
06:33:52 Alert assigned to analyst: EmilyAI (auto)
06:34:09 Investigation started — querying SIEM and threat intelligence

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00164 | 4h ago | Pass-the-Hash Detected | Informational | Investigating | WS-MAC-005 |
| ALR-00175 | 11h ago | Pass-the-Hash Detected | Low | Escalated | WS-PC-002 |
| ALR-00247 | 11h ago | Certificate Anomaly | Low | Resolved | SW-CORE-01 |
| ALR-00389 | 12h ago | Insider Threat Indicator | Medium | Open | SW-CORE-01 |
| ALR-00099 | 13h ago | Certificate Anomaly | Low | Escalated | SW-CORE-01 |