Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:22:20 UTC

Lateral Movement Detected

Low Escalated
ALR-00472 · 2026-04-06T23:27:18Z

Description

Network IDS detected lateral movement from AP-WIFI-03 to SRV-DC-01 using user 'p.thomas' credentials. SMB admin shares accessed.

Alert Metadata

Alert ID: ALR-00472
Timestamp: 2026-04-06T23:27:18Z
Severity: Low
Status: Escalated
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: AP-WIFI-03
User Account: p.thomas
Source IP: 45.222.148.153
Destination IP: 10.3.195.85
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1021.002
Reference: attack.mitre.org/techniques/T1021.002

Investigation Timeline

23:27:18 Event ingested by SOC365 Engine
23:27:19 EmilyAI triage started — correlation enrichment
23:27:28 EmilyAI confidence: 88% — escalated to human analyst
23:27:54 Alert assigned to analyst: EmilyAI (auto)
23:29:47 Investigation started — querying SIEM and threat intelligence
23:34:59 Containment action taken — endpoint isolated
23:45:00 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00153 | 17m ago | Lateral Movement Detected | Informational | Open | SRV-MAIL-01
ALR-00124 | 6h ago | Shadow IT Discovery | Informational | Resolved | AP-WIFI-03
ALR-00248 | 7h ago | DecoyPulse Honeypot Triggered | Informational | False Positive | AP-WIFI-03
ALR-00337 | 17h ago | Lateral Movement Detected | Low | Resolved | WS-PC-002
ALR-00069 | 1d ago | Privilege Escalation Attempt | Low | Open | AP-WIFI-03