Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 20:13:55 UTC

Pass-the-Hash Detected

Low Resolved
ALR-00496 · 2026-05-23T15:05:12Z

Description

Pass-the-Hash technique detected on SRV-FILE-01: NTLM authentication from 'm.taylor' without a standard Kerberos ticket. Flagged by Dark Web Monitor.

Alert Metadata

Alert ID: ALR-00496
Timestamp: 2026-05-23T15:05:12Z
Severity: Low
Status: Resolved
Detection Source: Dark Web Monitor
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-FILE-01
User Account: m.taylor
Source IP: 103.99.216.149
Destination IP: 10.1.195.170
Origin Country: NL (Netherlands)

MITRE ATT&CK Mapping

Tactic: Lateral Movement
Technique: T1550.002
Reference: attack.mitre.org/techniques/T1550.002

Investigation Timeline

15:05:12 Event ingested by SOC365 Engine
15:05:15 EmilyAI triage started — correlation enrichment
15:05:21 EmilyAI confidence: 94% — escalated to human analyst
15:05:47 Alert assigned to analyst: EmilyAI (auto)
15:07:24 Investigation started — querying SIEM and threat intelligence
15:08:51 Containment action taken — endpoint isolated
15:24:30 Alert resolved — remediation complete

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
| --- | --- | --- | --- | --- | --- |
| ALR-00205 | 1h ago | Pass-the-Hash Detected | Low | False Positive | SRV-FILE-01 |
| ALR-00188 | 1h ago | Rogue DHCP Server | Medium | Open | SRV-FILE-01 |
| ALR-00248 | 5h ago | Kerberoasting Attempt | Medium | False Positive | SRV-FILE-01 |
| ALR-00454 | 10h ago | Pass-the-Hash Detected | Medium | Open | SRV-APP-01 |
| ALR-00411 | 17h ago | Pass-the-Hash Detected | Informational | Investigating | SRV-APP-01 |