Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:37:27 UTC

Failed MFA Challenge

Low False Positive
ALR-00181 · 2026-07-08T09:07:57Z

Description

Multiple failed MFA challenges for user 'j.smith' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Attack Surface Scanner locked account.

Alert Metadata

Alert ID
ALR-00181
Timestamp
2026-07-08T09:07:57Z
Severity
Low
Status
False Positive
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-012
User Account
j.smith
Source IP
45.205.148.61
Destination IP
10.0.85.164
Origin Country
NG Nigeria

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1621
Reference
attack.mitre.org/techniques/T1621

Investigation Timeline

09:07:57 Event ingested by SOC365 Engine
09:08:02 EmilyAI triage started — correlation enrichment
09:08:06 EmilyAI confidence: 78% — escalated to human analyst
09:08:12 Alert assigned to analyst: EmilyAI (auto)
09:09:58 Investigation started — querying SIEM and threat intelligence
09:12:39 Containment action taken — endpoint isolated
09:22:42 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00354 46m ago Failed MFA Challenge Informational Resolved SRV-APP-01
ALR-00385 3h ago Port Scan Detected Medium False Positive WS-LAP-012
ALR-00357 4h ago Brute Force SSH Medium False Positive WS-LAP-012
ALR-00368 4h ago Credential Stuffing Attempt Low Investigating WS-LAP-012
ALR-00412 7h ago Lateral Movement Detected Low Escalated WS-LAP-012