Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 21:03:14 UTC

Credential Stuffing Attempt

Severity: High · Status: Escalated
ALR-00226 · 2026-05-22T05:44:03Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by DecoyPulse.

Alert Metadata

Alert ID: ALR-00226
Timestamp: 2026-05-22T05:44:03Z
Severity: High
Status: Escalated
Detection Source: DecoyPulse
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: WS-LAP-010
User Account: j.smith
Source IP: 194.88.62.123
Destination IP: 10.2.170.98
Origin Country: Ukraine (UA)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.004
Reference: attack.mitre.org/techniques/T1110.004

Investigation Timeline

05:44:03 Event ingested by SOC365 Engine
05:44:07 EmilyAI triage started — correlation enrichment
05:44:08 EmilyAI confidence: 93% — escalated to human analyst
05:44:24 Alert assigned to analyst: Sarah Chen
05:45:14 Investigation started — querying SIEM and threat intelligence
05:49:06 Containment action taken — endpoint isolated
06:00:12 Alert resolved — remediation complete

Related Alerts

ID         Time    Alert                            Severity       Status          Host
ALR-00159  2h ago  Credential Stuffing Attempt      Low            False Positive  VM-DEV-01
ALR-00152  4h ago  Credential Stuffing Attempt      Medium         False Positive  SRV-APP-01
ALR-00223  4h ago  Credential Stuffing Attempt      Informational  False Positive  SRV-BACKUP-01
ALR-00056  6h ago  Suspicious PowerShell Execution  Low            False Positive  WS-LAP-010
ALR-00100  6h ago  Anomalous DNS Query              Informational  Resolved        WS-LAP-010