Credential Stuffing Attempt
Low
False Positive
ALR-00198 · 2026-07-11T17:31:00Z
Description
Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by Endpoint Agent.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:31:00
Event ingested by SOC365 Engine
17:31:01
EmilyAI triage started — correlation enrichment
17:31:06
EmilyAI confidence: 82% — escalated to human analyst
17:31:15
Alert assigned to analyst: EmilyAI (auto)
17:31:51
Investigation started — querying SIEM and threat intelligence
17:38:24
Containment action taken — endpoint isolated
17:43:35
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00026 | 3h ago | Privilege Escalation Attempt | Low | Resolved | SRV-WEB-01 |
| ALR-00227 | 3h ago | Credential Stuffing Attempt | Informational | Open | SRV-SQL-01 |
| ALR-00450 | 14h ago | C2 Beacon Activity | High | Escalated | SRV-WEB-01 |
| ALR-00117 | 15h ago | Credential Stuffing Attempt | Medium | Escalated | VM-DEV-01 |
| ALR-00197 | 17h ago | Pass-the-Hash Detected | Low | False Positive | SRV-WEB-01 |