Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 16:53:14 UTC

Pass-the-Hash Detected

Low Open
ALR-00433 · 2026-04-07T06:38:39Z

Description

Pass-the-Hash technique detected on SRV-SQL-01. NTLM authentication from 'f.hall' without standard Kerberos ticket. DecoyPulse flagged.

Alert Metadata

Alert ID: ALR-00433
Timestamp: 2026-04-07T06:38:39Z
Severity: Low
Status: Open
Detection Source: DecoyPulse
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-SQL-01
User Account: f.hall
Source IP: 185.101.220.154
Destination IP: 10.3.32.82
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

06:38:39 Event ingested by SOC365 Engine
06:38:40 EmilyAI triage started — correlation enrichment
06:38:47 EmilyAI confidence: 85% — escalated to human analyst
06:39:12 Alert assigned to analyst: EmilyAI (auto)
06:39:55 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00436 | 1h ago | Lateral Movement Detected | High | Investigating | SRV-SQL-01
ALR-00281 | 5h ago | Credential Stuffing Attempt | Medium | Resolved | SRV-SQL-01
ALR-00384 | 8h ago | Insider Threat Indicator | High | Escalated | SRV-SQL-01
ALR-00168 | 9h ago | Insider Threat Indicator | Low | False Positive | SRV-SQL-01
ALR-00197 | 10h ago | Pass-the-Hash Detected | Low | Investigating | SRV-BACKUP-01