Kerberoasting Attempt
Critical
Investigating
ALR-00396 · 2026-07-07T11:33:37Z
Description
Kerberoasting attack detected: user 'k.brown' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Network IDS.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:33:37
Event ingested by SOC365 Engine
11:33:41
EmilyAI triage started — correlation enrichment
11:33:46
EmilyAI confidence: 86% — escalated to human analyst
11:34:06
Alert assigned to analyst: Emma Richardson
11:36:23
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00046 | 7h ago | C2 Beacon Activity | Informational | False Positive | WS-PC-001 |
| ALR-00201 | 12h ago | Kerberoasting Attempt | Medium | Investigating | SRV-MAIL-01 |
| ALR-00443 | 12h ago | Insider Threat Indicator | Medium | Resolved | WS-PC-001 |
| ALR-00271 | 13h ago | Kerberoasting Attempt | Medium | Open | VM-DEV-01 |
| ALR-00241 | 18h ago | DecoyPulse Honeypot Triggered | High | Open | WS-PC-001 |