Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 19:09:59 UTC

Kerberoasting Attempt

Medium False Positive
ALR-00485 · 2026-05-27T18:30:13Z

Description

Kerberoasting attack detected: user 'r.davies' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by DecoyPulse.

Alert Metadata

Alert ID: ALR-00485
Timestamp: 2026-05-27T18:30:13Z
Severity: Medium
Status: False Positive
Detection Source: DecoyPulse
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: FW-EDGE-01
User Account: r.davies
Source IP: 45.80.148.98
Destination IP: 10.3.205.176
Origin Country: RU Russia

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1558.003
Reference: attack.mitre.org/techniques/T1558.003

Investigation Timeline

18:30:13 Event ingested by SOC365 Engine
18:30:17 EmilyAI triage started — correlation enrichment
18:30:25 EmilyAI confidence: 96% — escalated to human analyst
18:30:31 Alert assigned to analyst: Anika Patel
18:31:13 Investigation started — querying SIEM and threat intelligence
18:38:34 Containment action taken — endpoint isolated
18:45:20 Alert resolved — remediation complete

Related Alerts

ID         Time    Alert                      Severity       Status          Host
ALR-00275  1h ago  Kerberoasting Attempt      Low            Open            WS-PC-003
ALR-00293  2h ago  Unauthorised USB Device    Informational  Escalated       FW-EDGE-01
ALR-00254  3h ago  Kerberoasting Attempt      Critical       Open            WS-PC-003
ALR-00366  6h ago  Tor Exit Node Connection   Low            False Positive  FW-EDGE-01
ALR-00153  7h ago  Suspicious Scheduled Task  Medium         Escalated       FW-EDGE-01