Kerberoasting Attempt
Informational
Investigating
ALR-00426 · 2026-07-05T10:41:26Z
Description
Kerberoasting attack detected: user 's.jones' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Network IDS.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
10:41:26
Event ingested by SOC365 Engine
10:41:30
EmilyAI triage started — correlation enrichment
10:41:32
EmilyAI confidence: 93% — escalated to human analyst
10:42:04
Alert assigned to analyst: EmilyAI (auto)
10:44:22
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00046 | 1h ago | Kerberoasting Attempt | Informational | False Positive | SRV-BACKUP-01 |
| ALR-00381 | 8h ago | DLP Policy Violation | Low | False Positive | WS-PC-004 |
| ALR-00182 | 9h ago | Ransomware Behaviour Detected | Medium | False Positive | WS-PC-004 |
| ALR-00339 | 9h ago | Kerberoasting Attempt | Medium | Escalated | VM-DEV-01 |
| ALR-00261 | 14h ago | Tor Exit Node Connection | Medium | Escalated | WS-PC-004 |