Kerberoasting Attempt
Critical
Open
ALR-00451 · 2026-07-09T17:38:44Z
Description
Kerberoasting attack detected: user 'f.hall' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Dark Web Monitor.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:38:44
Event ingested by SOC365 Engine
17:38:46
EmilyAI triage started — correlation enrichment
17:38:49
EmilyAI confidence: 81% — escalated to human analyst
17:39:09
Alert assigned to analyst: Marcus Webb
17:40:33
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00446 | 1h ago | Failed MFA Challenge | Medium | Open | WS-PC-006 |
| ALR-00236 | 5h ago | Pass-the-Hash Detected | Low | False Positive | WS-PC-006 |
| ALR-00305 | 8h ago | Pass-the-Hash Detected | Informational | Resolved | WS-PC-006 |
| ALR-00323 | 14h ago | Data Exfiltration Attempt | Informational | Investigating | WS-PC-006 |
| ALR-00004 | 19h ago | Failed MFA Challenge | Low | Escalated | WS-PC-006 |