Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Lateral Movement Detected

Severity: Low · Status: Escalated
ALR-00438 · 2026-05-21T06:00:19Z

Description

SOC365 Engine detected lateral movement from SRV-MAIL-01 to SRV-DC-01 using user 'n.clark' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00438
Timestamp: 2026-05-21T06:00:19Z
Severity: Low
Status: Escalated
Detection Source: SOC365 Engine
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-MAIL-01
User Account: n.clark
Source IP: 194.57.62.120
Destination IP: 10.2.250.121
Origin Country: BR Brazil

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

06:00:19 Event ingested by SOC365 Engine
06:00:24 EmilyAI triage started — correlation enrichment
06:00:25 EmilyAI confidence: 80% — escalated to human analyst
06:00:50 Alert assigned to analyst: EmilyAI (auto)
06:02:38 Investigation started — querying SIEM and threat intelligence
06:04:26 Containment action taken — endpoint isolated
06:11:36 Alert resolved — remediation complete

Related Alerts

ID        | Time   | Alert                      | Severity      | Status        | Host
ALR-00210 | 6h ago | Lateral Movement Detected  | Low           | Open          | SRV-BACKUP-01
ALR-00401 | 6h ago | Lateral Movement Detected  | Informational | Investigating | WS-LAP-012
ALR-00268 | 10h ago | Lateral Movement Detected | Low           | Escalated     | WS-LAP-011
ALR-00233 | 14h ago | Tor Exit Node Connection  | Medium        | Escalated     | SRV-MAIL-01
ALR-00066 | 20h ago | DLP Policy Violation      | Medium        | Resolved      | SRV-MAIL-01