Failed MFA Challenge
Low
False Positive
ALR-00217 · 2026-07-06T15:50:22Z
Description
Multiple failed MFA challenges for user 'm.taylor' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Dark Web Monitor locked account.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:50:22
Event ingested by SOC365 Engine
15:50:23
EmilyAI triage started — correlation enrichment
15:50:34
EmilyAI confidence: 83% — escalated to human analyst
15:51:05
Alert assigned to analyst: EmilyAI (auto)
15:51:33
Investigation started — querying SIEM and threat intelligence
15:55:53
Containment action taken — endpoint isolated
16:09:46
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00119 | 3h ago | Shadow IT Discovery | Low | Escalated | SRV-WEB-01 |
| ALR-00470 | 3h ago | Suspicious PowerShell Execution | Low | Open | SRV-WEB-01 |
| ALR-00106 | 10h ago | Privilege Escalation Attempt | Medium | Open | SRV-WEB-01 |
| ALR-00189 | 1d ago | Failed MFA Challenge | Low | False Positive | SRV-FILE-01 |
| ALR-00128 | 1d ago | Failed MFA Challenge | Low | False Positive | SRV-SQL-01 |