Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:27:37 UTC

Lateral Movement Detected

High · Open
ALR-00456 · 2026-04-07T19:47:53Z

Description

EmilyAI Triage detected lateral movement from VM-DEV-01 to SRV-DC-01 using user 'f.hall' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00456
Timestamp: 2026-04-07T19:47:53Z
Severity: High
Status: Open
Detection Source: EmilyAI Triage
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: VM-DEV-01
User Account: f.hall
Source IP: 185.122.220.168
Destination IP: 10.0.201.254
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

19:47:53 Event ingested by SOC365 Engine
19:47:55 EmilyAI triage started — correlation enrichment
19:48:05 EmilyAI confidence: 87% — escalated to human analyst
19:48:35 Alert assigned to analyst: Marcus Webb
19:48:56 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00472 | 3h ago | Privilege Escalation Attempt | Low | Investigating | VM-DEV-01
ALR-00049 | 12h ago | Kerberoasting Attempt | Medium | Investigating | VM-DEV-01
ALR-00245 | 14h ago | Lateral Movement Detected | Low | Escalated | WS-LAP-011
ALR-00348 | 17h ago | Credential Stuffing Attempt | High | Open | VM-DEV-01
ALR-00368 | 21h ago | Lateral Movement Detected | Low | False Positive | WS-LAP-011