Lateral Movement Detected
Low
Escalated
ALR-00477 · 2026-07-08T03:59:28Z
Description
Cloud Connector detected lateral movement from WS-PC-001 to SRV-DC-01 using user 'p.thomas' credentials. SMB admin shares accessed.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
03:59:28
Event ingested by SOC365 Engine
03:59:30
EmilyAI triage started — correlation enrichment
03:59:35
EmilyAI confidence: 98% — escalated to human analyst
03:59:52
Alert assigned to analyst: EmilyAI (auto)
04:01:53
Investigation started — querying SIEM and threat intelligence
04:04:08
Containment action taken — endpoint isolated
04:19:20
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00425 | 2h ago | Data Exfiltration Attempt | Informational | Resolved | WS-PC-001 |
| ALR-00224 | 2h ago | Lateral Movement Detected | Low | Investigating | SRV-APP-01 |
| ALR-00298 | 9h ago | Malware Signature Match | Medium | False Positive | WS-PC-001 |
| ALR-00336 | 12h ago | Lateral Movement Detected | Medium | Resolved | WS-PC-004 |
| ALR-00111 | 12h ago | Data Exfiltration Attempt | Medium | False Positive | WS-PC-001 |