Failed MFA Challenge
Low
False Positive
ALR-00181 · 2026-07-08T09:07:57Z
Description
Multiple failed MFA challenges for user 'j.smith' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Attack Surface Scanner locked account.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:07:57
Event ingested by SOC365 Engine
09:08:02
EmilyAI triage started — correlation enrichment
09:08:06
EmilyAI confidence: 78% — escalated to human analyst
09:08:12
Alert assigned to analyst: EmilyAI (auto)
09:09:58
Investigation started — querying SIEM and threat intelligence
09:12:39
Containment action taken — endpoint isolated
09:22:42
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00354 | 46m ago | Failed MFA Challenge | Informational | Resolved | SRV-APP-01 |
| ALR-00385 | 3h ago | Port Scan Detected | Medium | False Positive | WS-LAP-012 |
| ALR-00357 | 4h ago | Brute Force SSH | Medium | False Positive | WS-LAP-012 |
| ALR-00368 | 4h ago | Credential Stuffing Attempt | Low | Investigating | WS-LAP-012 |
| ALR-00412 | 7h ago | Lateral Movement Detected | Low | Escalated | WS-LAP-012 |