Pass-the-Hash Detected
Medium
Escalated
ALR-00464 · 2026-07-07T17:39:13Z
Description
Pass-the-Hash technique detected on WS-PC-004. NTLM authentication from 'e.evans' without standard Kerberos ticket. Endpoint Agent flagged.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:39:13
Event ingested by SOC365 Engine
17:39:15
EmilyAI triage started — correlation enrichment
17:39:18
EmilyAI confidence: 88% — escalated to human analyst
17:39:53
Alert assigned to analyst: Anika Patel
17:42:00
Investigation started — querying SIEM and threat intelligence
17:43:21
Containment action taken — endpoint isolated
17:54:24
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00363 | 1h ago | Tor Exit Node Connection | High | Open | WS-PC-004 |
| ALR-00475 | 8h ago | Anomalous DNS Query | Medium | False Positive | WS-PC-004 |
| ALR-00136 | 10h ago | Tor Exit Node Connection | Medium | Escalated | WS-PC-004 |
| ALR-00439 | 10h ago | Kerberoasting Attempt | Medium | Escalated | WS-PC-004 |
| ALR-00300 | 23h ago | Pass-the-Hash Detected | Low | Resolved | WS-LAP-012 |