OPERATIONS / JUL 18, 2026

Good morning, Alex.

Your team is tracking 3 live hunts across the environment.

Active hunts
03

↑ 1 since last week

Evidence captured
127

↑ 18 this week

High-risk CVEs
08

↑ 2 require attention

Hunt coverage
84%

Across critical assets

IN PROGRESS

Active hunts

Suspected APT lateral movement

Investigating

Endpoint telemetry · 18 assets in scope

68%Updated 18m ago

Exchange Server exposure

Evidence collection

Email infrastructure · 6 assets in scope

42%Updated 1h ago

Cloud credential anomaly

Hypothesis validation

Azure AD · 32 identities in scope

25%Updated 3h ago

HUNT WORKSPACE

Suspected APT lateral movement

Scope
Hypothesis
3Collect evidence
4Analyse
5Report

CURRENT HYPOTHESIS

An adversary is moving laterally using compromised credentials and remote service execution.

MITRE T1021MITRE T1078Credential access

COLLECTED EVIDENCE

08 items

4624_logon_events.csvWindows Security Logs · 2.4 MB
✓ Verified
!
Unusual_RDP_connectionsMicrosoft Sentinel alert · High
✓ Verified
Analyst observation #4Manual note · Alex Morgan
Needs review