Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:04 UTC

Failed MFA Challenge

Informational Resolved
ALR-00113 · 2026-07-08T11:24:23Z

Description

Multiple failed MFA challenges for user 'system' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Dark Web Monitor locked account.

Alert Metadata

Alert ID
ALR-00113
Timestamp
2026-07-08T11:24:23Z
Severity
Informational
Status
Resolved
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
system
Source IP
194.139.62.70
Destination IP
10.2.69.143
Origin Country
NL Netherlands

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1621
Reference
attack.mitre.org/techniques/T1621

Investigation Timeline

11:24:23 Event ingested by SOC365 Engine
11:24:26 EmilyAI triage started — correlation enrichment
11:24:28 EmilyAI confidence: 95% — escalated to human analyst
11:24:54 Alert assigned to analyst: EmilyAI (auto)
11:26:59 Investigation started — querying SIEM and threat intelligence
11:32:13 Containment action taken — endpoint isolated
11:38:42 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00354 58m ago Lateral Movement Detected High Investigating SRV-BACKUP-01
ALR-00423 2h ago Suspicious Scheduled Task High Open SRV-BACKUP-01
ALR-00311 3h ago Failed MFA Challenge High Escalated SW-CORE-01
ALR-00096 3h ago Failed MFA Challenge High Investigating WS-PC-002
ALR-00086 5h ago Unauthorised USB Device Medium Escalated SRV-BACKUP-01