Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 15:53:29 UTC

Credential Stuffing Attempt

Medium Resolved
ALR-00063 · 2026-05-25T15:34:07Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by DLP Module.

Alert Metadata

Alert ID
ALR-00063
Timestamp
2026-05-25T15:34:07Z
Severity
Medium
Status
Resolved
Detection Source
DLP Module
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-MAIL-01
User Account
k.brown
Source IP
45.2.148.102
Destination IP
10.1.246.173
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.004
Reference
attack.mitre.org/techniques/T1110.004

Investigation Timeline

15:34:07 Event ingested by SOC365 Engine
15:34:09 EmilyAI triage started — correlation enrichment
15:34:18 EmilyAI confidence: 90% — escalated to human analyst
15:34:44 Alert assigned to analyst: Marcus Webb
15:35:33 Investigation started — querying SIEM and threat intelligence
15:41:23 Containment action taken — endpoint isolated
15:53:22 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00448 3h ago Brute Force SSH Low Open SRV-MAIL-01
ALR-00042 3h ago Ransomware Behaviour Detected Informational Escalated SRV-MAIL-01
ALR-00165 10h ago Credential Stuffing Attempt Low Open WS-MAC-005
ALR-00439 18h ago Pass-the-Hash Detected Informational False Positive SRV-MAIL-01
ALR-00081 1d ago Credential Stuffing Attempt Informational Escalated WS-MAC-005