Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:37:42 UTC

Privilege Escalation Attempt

Low Resolved
ALR-00489 · 2026-07-05T13:10:32Z

Description

User 's.jones' on SRV-SQL-01 attempted to escalate to SYSTEM via token manipulation. Attack Surface Scanner blocked the attempt.

Alert Metadata

Alert ID
ALR-00489
Timestamp
2026-07-05T13:10:32Z
Severity
Low
Status
Resolved
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-SQL-01
User Account
s.jones
Source IP
185.147.220.252
Destination IP
10.2.23.41
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Privilege Escalation
Technique
T1134
Reference
attack.mitre.org/techniques/T1134

Investigation Timeline

13:10:32 Event ingested by SOC365 Engine
13:10:35 EmilyAI triage started — correlation enrichment
13:10:42 EmilyAI confidence: 85% — escalated to human analyst
13:10:50 Alert assigned to analyst: EmilyAI (auto)
13:12:28 Investigation started — querying SIEM and threat intelligence
13:15:12 Containment action taken — endpoint isolated
13:26:54 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00251 2h ago Privilege Escalation Attempt Informational Open AP-WIFI-03
ALR-00357 6h ago Rogue DHCP Server Low Resolved SRV-SQL-01
ALR-00469 13h ago Certificate Anomaly Medium False Positive SRV-SQL-01
ALR-00109 17h ago Malware Signature Match Low Escalated SRV-SQL-01
ALR-00098 21h ago Privilege Escalation Attempt High Investigating SRV-BACKUP-01