Lateral Movement Detected
Low
False Positive
ALR-00431 · 2026-05-23T14:13:57Z
Description
Dark Web Monitor detected lateral movement from FW-EDGE-01 to SRV-DC-01 using user 'p.thomas' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
14:13:57
Event ingested by SOC365 Engine
14:14:00
EmilyAI triage started — correlation enrichment
14:14:03
EmilyAI confidence: 93% — escalated to human analyst
14:14:30
Alert assigned to analyst: EmilyAI (auto)
14:15:58
Investigation started — querying SIEM and threat intelligence
14:21:07
Containment action taken — endpoint isolated
14:29:22
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00016 | 1h ago | Lateral Movement Detected | Medium | Escalated | WS-LAP-010 |
| ALR-00411 | 3h ago | DLP Policy Violation | Medium | Open | FW-EDGE-01 |
| ALR-00169 | 14h ago | C2 Beacon Activity | Low | Resolved | FW-EDGE-01 |
| ALR-00119 | 16h ago | Suspicious Scheduled Task | Informational | Open | FW-EDGE-01 |
| ALR-00342 | 1d ago | Tor Exit Node Connection | Informational | Escalated | FW-EDGE-01 |