Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:38:39 UTC

Credential Stuffing Attempt

Informational Escalated
ALR-00071 · 2026-07-05T20:23:51Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by Dark Web Monitor.

Alert Metadata

Alert ID
ALR-00071
Timestamp
2026-07-05T20:23:51Z
Severity
Informational
Status
Escalated
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-001
User Account
j.smith
Source IP
185.95.220.208
Destination IP
10.0.18.90
Origin Country
NL Netherlands

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.004
Reference
attack.mitre.org/techniques/T1110.004

Investigation Timeline

20:23:51 Event ingested by SOC365 Engine
20:23:52 EmilyAI triage started — correlation enrichment
20:24:06 EmilyAI confidence: 83% — escalated to human analyst
20:24:23 Alert assigned to analyst: EmilyAI (auto)
20:25:41 Investigation started — querying SIEM and threat intelligence
20:29:41 Containment action taken — endpoint isolated
20:38:05 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00421 1h ago Unauthorised USB Device High Escalated WS-PC-001
ALR-00201 8h ago Credential Stuffing Attempt Medium Resolved SRV-DC-01
ALR-00118 9h ago Credential Stuffing Attempt Informational False Positive WS-LAP-010
ALR-00489 14h ago Credential Stuffing Attempt Low False Positive WS-PC-006
ALR-00159 21h ago Privilege Escalation Attempt Low Escalated WS-PC-001