Kerberoasting Attempt
Low
Open
ALR-00494 · 2026-07-10T23:42:11Z
Description
Kerberoasting attack detected: user 'p.thomas' requested TGS tickets for multiple service accounts in 2 minutes. Flagged by Attack Surface Scanner.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:42:11
Event ingested by SOC365 Engine
23:42:14
EmilyAI triage started — correlation enrichment
23:42:22
EmilyAI confidence: 95% — escalated to human analyst
23:42:36
Alert assigned to analyst: EmilyAI (auto)
23:43:18
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00300 | 5h ago | Failed MFA Challenge | Medium | Escalated | WS-PC-001 |
| ALR-00276 | 18h ago | Kerberoasting Attempt | Informational | False Positive | SRV-SQL-01 |
| ALR-00438 | 18h ago | C2 Beacon Activity | Low | Open | WS-PC-001 |
| ALR-00317 | 1d ago | Kerberoasting Attempt | Low | False Positive | WS-PC-003 |
| ALR-00087 | 1d ago | Suspicious Scheduled Task | Informational | False Positive | WS-PC-001 |