Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Privilege Escalation Attempt

Severity: Low · Status: Escalated
ALR-00423 · 2026-05-21T21:20:01Z

Description

User 'r.davies' on SRV-SQL-01 attempted to escalate to SYSTEM via access token manipulation (ATT&CK T1134). SOC365 Engine blocked the attempt.

Alert Metadata

Alert ID
ALR-00423
Timestamp
2026-05-21T21:20:01Z
Severity
Low
Status
Escalated
Detection Source
SOC365 Engine
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-SQL-01
User Account
r.davies
Source IP
194.189.62.108
Destination IP
10.0.120.21
Origin Country
RO (Romania)

MITRE ATT&CK Mapping

Tactic
Privilege Escalation
Technique
T1134 Access Token Manipulation
Reference
https://attack.mitre.org/techniques/T1134/
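The alert above reports a blocked token-manipulation attempt but not the telemetry behind it. The following is an added example, not SOC365 Engine code and not from the page, of how a detection for T1134 can be built from Windows telemetry: it correlates Security event 4703 (a sensitive user right enabled), Security event 4672 (special privileges assigned to a logon) and Sysmon event 10 (a handle opened on a SYSTEM-token-holding process) for the same host and user inside a five-minute window, and only raises an alert when at least two distinct indicators coincide. The record layout, the account allow-list and all sample records are constructed assumptions for illustration.

```python
# Added example, not SOC365 product code: correlate Windows event records that
# indicate T1134 Access Token Manipulation for one host/user pair. Event shapes,
# the account allow-list and the sample records below are constructed
# assumptions for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Privileges a token-theft tool typically enables before duplicating or
# impersonating a SYSTEM token (Security 4703 "user right adjusted").
SENSITIVE_PRIVS = {"SeDebugPrivilege", "SeImpersonatePrivilege",
                   "SeAssignPrimaryTokenPrivilege", "SeTcbPrivilege"}
# Processes whose primary token is the usual source of a stolen SYSTEM token.
SYSTEM_TOKEN_HOLDERS = {"winlogon.exe", "lsass.exe", "services.exe"}
# Assumed allow-list: accounts expected to receive special privileges (4672).
EXPECTED_ADMINS = {"svc-sql", "administrator"}
WINDOW = timedelta(minutes=5)

# Constructed sample records (not real telemetry). event_id 4703/4672 are
# Windows Security log events; event_id 10 is Sysmon ProcessAccess.
SAMPLE_EVENTS = [
    {"time": "2026-05-21T21:19:40Z", "host": "SRV-SQL-01", "user": "r.davies",
     "event_id": 4703, "privs_enabled": ["SeDebugPrivilege"]},
    {"time": "2026-05-21T21:19:48Z", "host": "SRV-SQL-01", "user": "r.davies",
     "event_id": 10, "source_image": r"C:\Users\r.davies\Downloads\tool.exe",
     "target_image": r"C:\Windows\System32\winlogon.exe", "granted_access": "0x1400"},
    {"time": "2026-05-21T21:20:01Z", "host": "SRV-SQL-01", "user": "r.davies",
     "event_id": 4672, "privs": ["SeDebugPrivilege", "SeTcbPrivilege"]},
    # Benign: the SQL service account legitimately holds SeImpersonatePrivilege.
    {"time": "2026-05-21T21:10:00Z", "host": "SRV-SQL-01", "user": "svc-sql",
     "event_id": 4672, "privs": ["SeImpersonatePrivilege"]},
    # Benign: a harmless privilege on another host, and only one event.
    {"time": "2026-05-21T20:55:00Z", "host": "WS-LAP-010", "user": "j.smith",
     "event_id": 4703, "privs_enabled": ["SeShutdownPrivilege"]},
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def indicator(ev):
    """Return the T1134 indicator a single record carries, or None."""
    eid = ev["event_id"]
    if eid == 4703 and SENSITIVE_PRIVS & set(ev.get("privs_enabled", [])):
        return "sensitive_privilege_enabled"
    if (eid == 4672 and SENSITIVE_PRIVS & set(ev.get("privs", []))
            and ev["user"].lower() not in EXPECTED_ADMINS):
        return "special_privileges_logon"
    if eid == 10:
        target = ev.get("target_image", "").rsplit("\\", 1)[-1].lower()
        if target in SYSTEM_TOKEN_HOLDERS:
            return "system_process_handle_opened"
    return None


def detect_token_manipulation(events, window=WINDOW):
    """Emit one alert per (host, user) showing >= 2 distinct indicators
    within `window`; a single indicator on its own is not escalated."""
    hits = defaultdict(list)
    for ev in events:
        tag = indicator(ev)
        if tag:
            hits[(ev["host"], ev["user"].lower())].append((parse_ts(ev["time"]), tag))
    alerts = []
    for (host, user), rows in hits.items():
        rows.sort(key=lambda r: r[0])
        for t0, _ in rows:
            in_window = [r for r in rows if t0 <= r[0] <= t0 + window]
            kinds = sorted({tag for _, tag in in_window})
            if len(kinds) >= 2:
                alerts.append({"host": host, "user": user, "technique": "T1134",
                               "tactic": "Privilege Escalation",
                               "first_seen": in_window[0][0].isoformat() + "Z",
                               "last_seen": in_window[-1][0].isoformat() + "Z",
                               "indicators": kinds})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_token_manipulation(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample records, only the r.davies sequence on SRV-SQL-01 produces an alert; the service account's 4672 is suppressed by the allow-list and the single harmless 4703 on WS-LAP-010 never reaches the two-indicator threshold. Requiring two distinct indicator kinds rather than one is what keeps routine SeImpersonatePrivilege logons from service accounts out of the queue.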

Investigation Timeline

21:20:01 Event ingested by SOC365 Engine
21:20:05 EmilyAI triage started — correlation enrichment
21:20:16 EmilyAI confidence: 78% — escalated to human analyst
21:20:21 Alert assigned to analyst: EmilyAI (auto)
21:20:54 Investigation started — querying SIEM and threat intelligence
21:25:42 Containment action taken — endpoint isolated
21:36:29 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00037  4h ago   Data Exfiltration Attempt      Informational  Escalated       SRV-SQL-01
ALR-00500  14h ago  Privilege Escalation Attempt   Medium         False Positive  WS-LAP-010
ALR-00452  20h ago  Ransomware Behaviour Detected  Informational  Escalated       SRV-SQL-01
ALR-00275  23h ago  Privilege Escalation Attempt   High           Escalated       WS-LAP-010
ALR-00028  1d ago   Unusual Outbound Traffic       Low            Resolved        SRV-SQL-01