Privilege Escalation Attempt
Informational
Investigating
ALR-00468 · 2026-07-08T11:40:11Z
Description
User 's.jones' on VM-DEV-01 attempted to escalate to SYSTEM via token manipulation. EmilyAI Triage blocked the attempt.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:40:11
Event ingested by SOC365 Engine
11:40:12
EmilyAI triage started — correlation enrichment
11:40:23
EmilyAI confidence: 94% — escalated to human analyst
11:40:35
Alert assigned to analyst: EmilyAI (auto)
11:41:07
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00492 | 1h ago | Privilege Escalation Attempt | Medium | Investigating | SRV-BACKUP-01 |
| ALR-00236 | 1h ago | Privilege Escalation Attempt | Informational | False Positive | SRV-APP-01 |
| ALR-00483 | 2h ago | Rogue DHCP Server | Low | Open | VM-DEV-01 |
| ALR-00323 | 3h ago | Pass-the-Hash Detected | Low | Open | VM-DEV-01 |
| ALR-00081 | 4h ago | Privilege Escalation Attempt | Low | False Positive | WS-PC-003 |