Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:36:59 UTC

Failed MFA Challenge

Low Open
ALR-00210 · 2026-07-07T01:37:53Z

Description

Multiple failed MFA challenges for user 'k.brown' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. SOC365 Engine locked account.

Alert Metadata

Alert ID
ALR-00210
Timestamp
2026-07-07T01:37:53Z
Severity
Low
Status
Open
Detection Source
SOC365 Engine
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-APP-01
User Account
k.brown
Source IP
103.134.216.245
Destination IP
10.3.95.203
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1621
Reference
attack.mitre.org/techniques/T1621

Investigation Timeline

01:37:53 Event ingested by SOC365 Engine
01:37:56 EmilyAI triage started — correlation enrichment
01:37:59 EmilyAI confidence: 95% — escalated to human analyst
01:38:38 Alert assigned to analyst: EmilyAI (auto)
01:38:46 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00095 1h ago Lateral Movement Detected Low Resolved SRV-APP-01
ALR-00230 2h ago Unauthorised USB Device Medium Open SRV-APP-01
ALR-00269 8h ago Credential Stuffing Attempt Medium Escalated SRV-APP-01
ALR-00195 20h ago Privilege Escalation Attempt Medium False Positive SRV-APP-01
ALR-00018 21h ago Lateral Movement Detected Informational False Positive SRV-APP-01