Failed MFA Challenge

Low Resolved

ALR-00116 · 2026-04-09T22:50:26Z

Description

Multiple failed MFA challenges for user 'e.evans' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Dark Web Monitor locked account.

Alert Metadata

Alert ID: ALR-00116
Timestamp: 2026-04-09T22:50:26Z
Severity: Low
Status: Resolved
Detection Source: Dark Web Monitor
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-MAIL-01
User Account: e.evans
Source IP: 45.193.148.198
Destination IP: 10.0.242.59
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1621
Reference: attack.mitre.org/techniques/T1621

Investigation Timeline

22:50:26 Event ingested by SOC365 Engine

22:50:29 EmilyAI triage started — correlation enrichment

22:50:34 EmilyAI confidence: 96% — escalated to human analyst

22:50:50 Alert assigned to analyst: EmilyAI (auto)

22:51:51 Investigation started — querying SIEM and threat intelligence

22:56:21 Containment action taken — endpoint isolated

23:00:37 Alert resolved — remediation complete

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00006	43m ago	Certificate Anomaly	Low	Investigating	SRV-MAIL-01
ALR-00036	5h ago	Kerberoasting Attempt	Informational	Resolved	SRV-MAIL-01
ALR-00452	10h ago	C2 Beacon Activity	Informational	Investigating	SRV-MAIL-01
ALR-00081	21h ago	Insider Threat Indicator	Medium	Resolved	SRV-MAIL-01
ALR-00097	1d ago	Data Exfiltration Attempt	Informational	Resolved	SRV-MAIL-01