Failed MFA Challenge
Informational
Escalated
ALR-00174 · 2026-07-09T11:22:14Z
Description
Multiple failed MFA challenges for user 's.jones' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Attack Surface Scanner locked account.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:22:14
Event ingested by SOC365 Engine
11:22:17
EmilyAI triage started — correlation enrichment
11:22:23
EmilyAI confidence: 90% — escalated to human analyst
11:22:59
Alert assigned to analyst: EmilyAI (auto)
11:24:04
Investigation started — querying SIEM and threat intelligence
11:30:29
Containment action taken — endpoint isolated
11:36:36
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00334 | 3h ago | Failed MFA Challenge | Low | Open | WS-PC-001 |
| ALR-00206 | 5h ago | Shadow IT Discovery | Low | Resolved | WS-LAP-012 |
| ALR-00338 | 9h ago | Failed MFA Challenge | Informational | Escalated | SRV-APP-01 |
| ALR-00111 | 13h ago | Failed MFA Challenge | Informational | Open | SRV-FILE-01 |
| ALR-00047 | 20h ago | Brute Force SSH | Low | Escalated | WS-LAP-012 |