Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:01:30 UTC

Privilege Escalation Attempt

Informational Open
ALR-00375 · 2026-05-26T10:58:38Z

Description

User 'd.walker' on FW-EDGE-01 attempted to escalate to SYSTEM via token manipulation. Firewall blocked the attempt.

Alert Metadata

Alert ID: ALR-00375
Timestamp: 2026-05-26T10:58:38Z
Severity: Informational
Status: Open
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: FW-EDGE-01
User Account: d.walker
Source IP: 103.231.216.13
Destination IP: 10.1.117.192
Origin Country: IN (India)

MITRE ATT&CK Mapping

Tactic: Privilege Escalation
Technique: T1134
Reference: attack.mitre.org/techniques/T1134

Investigation Timeline

10:58:38 Event ingested by SOC365 Engine
10:58:40 EmilyAI triage started — correlation enrichment
10:58:52 EmilyAI confidence: 84% — escalated to human analyst
10:58:53 Alert assigned to analyst: EmilyAI (auto)
10:59:58 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                     Severity       Status         Host
ALR-00128  4h ago   Anomalous DNS Query       Low            Resolved       FW-EDGE-01
ALR-00335  4h ago   Shadow IT Discovery       Low            Resolved       FW-EDGE-01
ALR-00222  11h ago  Tor Exit Node Connection  Low            Investigating  FW-EDGE-01
ALR-00055  15h ago  Pass-the-Hash Detected    Medium         Open           FW-EDGE-01
ALR-00176  16h ago  Phishing Email Blocked    Informational  Investigating  FW-EDGE-01