Kerberoasting Attempt
Medium
Resolved
ALR-00488 · 2026-07-04T23:28:02Z
Description
Kerberoasting attack detected: user 'system' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by EmilyAI Triage.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:28:02
Event ingested by SOC365 Engine
23:28:06
EmilyAI triage started — correlation enrichment
23:28:12
EmilyAI confidence: 98% — escalated to human analyst
23:28:24
Alert assigned to analyst: James Okonkwo
23:29:12
Investigation started — querying SIEM and threat intelligence
23:34:30
Containment action taken — endpoint isolated
23:46:12
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00136 | 52m ago | Kerberoasting Attempt | Critical | Escalated | WS-PC-004 |
| ALR-00479 | 3h ago | Kerberoasting Attempt | Low | Resolved | WS-PC-006 |
| ALR-00021 | 4h ago | Suspicious Scheduled Task | Low | False Positive | SRV-BACKUP-01 |
| ALR-00255 | 4h ago | Kerberoasting Attempt | Low | Resolved | WS-PC-002 |
| ALR-00476 | 6h ago | Kerberoasting Attempt | Low | Resolved | WS-PC-002 |