Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:46:19 UTC

Pass-the-Hash Detected

Medium Escalated
ALR-00464 · 2026-07-07T17:39:13Z

Description

Pass-the-Hash technique detected on WS-PC-004. NTLM authentication from 'e.evans' without standard Kerberos ticket. Endpoint Agent flagged.

Alert Metadata

Alert ID
ALR-00464
Timestamp
2026-07-07T17:39:13Z
Severity
Medium
Status
Escalated
Detection Source
Endpoint Agent
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
WS-PC-004
User Account
e.evans
Source IP
91.60.195.232
Destination IP
10.2.178.231
Origin Country
RO Romania

MITRE ATT&CK Mapping

Tactic
Lateral Movement
Technique
T1550.002
Reference
attack.mitre.org/techniques/T1550.002

Investigation Timeline

17:39:13 Event ingested by SOC365 Engine
17:39:15 EmilyAI triage started — correlation enrichment
17:39:18 EmilyAI confidence: 88% — escalated to human analyst
17:39:53 Alert assigned to analyst: Anika Patel
17:42:00 Investigation started — querying SIEM and threat intelligence
17:43:21 Containment action taken — endpoint isolated
17:54:24 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00363 1h ago Tor Exit Node Connection High Open WS-PC-004
ALR-00475 8h ago Anomalous DNS Query Medium False Positive WS-PC-004
ALR-00136 10h ago Tor Exit Node Connection Medium Escalated WS-PC-004
ALR-00439 10h ago Kerberoasting Attempt Medium Escalated WS-PC-004
ALR-00300 23h ago Pass-the-Hash Detected Low Resolved WS-LAP-012