Pass-the-Hash Detected
Medium
Resolved
ALR-00416 · 2026-07-05T19:24:35Z
Description
Pass-the-Hash technique detected on SW-CORE-01. NTLM authentication from 'e.evans' without standard Kerberos ticket. Attack Surface Scanner flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:24:35
Event ingested by SOC365 Engine
19:24:36
EmilyAI triage started — correlation enrichment
19:24:45
EmilyAI confidence: 91% — escalated to human analyst
19:25:13
Alert assigned to analyst: Marcus Webb
19:26:04
Investigation started — querying SIEM and threat intelligence
19:28:23
Containment action taken — endpoint isolated
19:43:41
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00221 | 37m ago | Pass-the-Hash Detected | Informational | Escalated | SRV-SQL-01 |
| ALR-00251 | 1h ago | Privilege Escalation Attempt | Informational | Escalated | SW-CORE-01 |
| ALR-00027 | 13h ago | Privilege Escalation Attempt | Low | Escalated | SW-CORE-01 |
| ALR-00323 | 23h ago | Pass-the-Hash Detected | Critical | Escalated | WS-PC-002 |
| ALR-00269 | 1d ago | Unusual Outbound Traffic | Low | Escalated | SW-CORE-01 |