Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:20:18 UTC

Pass-the-Hash Detected

Medium Investigating
ALR-00481 · 2026-04-08T06:08:24Z

Description

Pass-the-Hash technique detected on SRV-DC-01: NTLM authentication from 'm.taylor' without a standard Kerberos ticket. Flagged by EmilyAI Triage.

Alert Metadata

Alert ID: ALR-00481
Timestamp: 2026-04-08T06:08:24Z
Severity: Medium
Status: Investigating
Detection Source: EmilyAI Triage
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: SRV-DC-01
User Account: m.taylor
Source IP: 91.22.195.193
Destination IP: 10.1.247.25
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

06:08:24 Event ingested by SOC365 Engine
06:08:26 EmilyAI triage started — correlation enrichment
06:08:34 EmilyAI confidence: 80% — escalated to human analyst
06:09:04 Alert assigned to analyst: Emma Richardson
06:11:04 Investigation started — querying SIEM and threat intelligence

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00023 | 4h ago | Pass-the-Hash Detected | Low | Escalated | WS-LAP-012 |
| ALR-00293 | 5h ago | Anomalous DNS Query | Informational | Resolved | SRV-DC-01 |
| ALR-00296 | 11h ago | Pass-the-Hash Detected | Informational | Resolved | WS-LAP-010 |
| ALR-00100 | 11h ago | Pass-the-Hash Detected | Informational | False Positive | SW-CORE-01 |
| ALR-00105 | 13h ago | Privilege Escalation Attempt | Low | False Positive | SRV-DC-01 |