Session • threat hunt
Lateral movement investigation
Synthetic lateral-movement investigation with forensic export, threat-intel block, privilege and containment proposals.
PreviewAll sessions
2026-05-18•12:00-16:00 AEST•IR agent
Action attempts
8
Authorized
3
Review
3
Blocked
2
Top reason
authority and state sufficient
Selected action • Lateral movement investigation
Forensic data export - 12:08
Export forensic evidence from an engineering host showing lateral-movement signal.
- Target
- Engineering host with lateral-movement signal
- eng-ws-082.corp.example
- Scope
- Single endpoint
- Proposed by
- IR agent
- agent-soc-ir-02
- Reason
- Authority and state sufficient