Privilege Escalation Attempt
Low
Resolved
ALR-00489 · 2026-07-05T13:10:32Z
Description
User 's.jones' on SRV-SQL-01 attempted to escalate to SYSTEM via token manipulation. Attack Surface Scanner blocked the attempt.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:10:32
Event ingested by SOC365 Engine
13:10:35
EmilyAI triage started — correlation enrichment
13:10:42
EmilyAI confidence: 85% — escalated to human analyst
13:10:50
Alert assigned to analyst: EmilyAI (auto)
13:12:28
Investigation started — querying SIEM and threat intelligence
13:15:12
Containment action taken — endpoint isolated
13:26:54
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00251 | 2h ago | Privilege Escalation Attempt | Informational | Open | AP-WIFI-03 |
| ALR-00357 | 6h ago | Rogue DHCP Server | Low | Resolved | SRV-SQL-01 |
| ALR-00469 | 13h ago | Certificate Anomaly | Medium | False Positive | SRV-SQL-01 |
| ALR-00109 | 17h ago | Malware Signature Match | Low | Escalated | SRV-SQL-01 |
| ALR-00098 | 21h ago | Privilege Escalation Attempt | High | Investigating | SRV-BACKUP-01 |