Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Failed MFA Challenge

Medium Escalated
ALR-00253 · 2026-05-20T20:03:53Z

Description

Multiple failed MFA challenges for user 'm.taylor': 12 push notifications in 3 minutes, suggesting an MFA fatigue attack. DecoyPulse locked the account.

Alert Metadata

Alert ID: ALR-00253
Timestamp: 2026-05-20T20:03:53Z
Severity: Medium
Status: Escalated
Detection Source: DecoyPulse
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: WS-PC-004
User Account: m.taylor
Source IP: 103.12.216.108
Destination IP: 10.3.198.26
Origin Country: United States (US)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1621
Reference: attack.mitre.org/techniques/T1621

Investigation Timeline

20:03:53 Event ingested by SOC365 Engine
20:03:58 EmilyAI triage started — correlation enrichment
20:04:06 EmilyAI confidence: 93% — escalated to human analyst
20:04:17 Alert assigned to analyst: Anika Patel
20:06:09 Investigation started — querying SIEM and threat intelligence
20:13:18 Containment action taken — endpoint isolated
20:23:11 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                   Severity       Status         Host
ALR-00141  16h ago  Failed MFA Challenge    Medium         Investigating  AP-WIFI-03
ALR-00100  18h ago  C2 Beacon Activity      Informational  Open           WS-PC-004
ALR-00291  23h ago  Pass-the-Hash Detected  Medium         Escalated      WS-PC-004
ALR-00410  1d ago   Brute Force SSH         Low            Escalated      WS-PC-004
ALR-00366  1d ago   Anomalous DNS Query     Low            Resolved       WS-PC-004