Lateral Movement Detected
High
Open
ALR-00466 · 2026-07-11T13:39:18Z
Description
Endpoint Agent detected lateral movement from WS-PC-004 to SRV-DC-01 using user 'e.evans' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:39:18
Event ingested by SOC365 Engine
13:39:20
EmilyAI triage started — correlation enrichment
13:39:32
EmilyAI confidence: 78% — escalated to human analyst
13:39:35
Alert assigned to analyst: James Okonkwo
13:41:11
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00143 | 5h ago | Anomalous DNS Query | Low | Investigating | WS-PC-004 |
| ALR-00326 | 5h ago | Lateral Movement Detected | Medium | Investigating | SRV-SQL-01 |
| ALR-00459 | 11h ago | Lateral Movement Detected | Medium | Resolved | WS-PC-002 |
| ALR-00409 | 13h ago | Unusual Outbound Traffic | Informational | Investigating | WS-PC-004 |
| ALR-00498 | 21h ago | Lateral Movement Detected | Low | Resolved | WS-LAP-012 |