Failed MFA Challenge
High
Investigating
ALR-00264 · 2026-07-05T02:10:24Z
Description
Multiple failed MFA challenges for user 'k.brown' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Network IDS locked account.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
02:10:24
Event ingested by SOC365 Engine
02:10:25
EmilyAI triage started — correlation enrichment
02:10:30
EmilyAI confidence: 97% — escalated to human analyst
02:10:57
Alert assigned to analyst: James Okonkwo
02:12:56
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00006 | 10m ago | Phishing Email Blocked | Informational | Investigating | WS-PC-004 |
| ALR-00159 | 20m ago | Unusual Outbound Traffic | High | Escalated | WS-PC-004 |
| ALR-00364 | 1h ago | Unauthorised USB Device | Informational | Open | WS-PC-004 |
| ALR-00446 | 1h ago | Failed MFA Challenge | Medium | Open | WS-PC-006 |
| ALR-00140 | 4h ago | Unusual Outbound Traffic | Informational | Investigating | WS-PC-004 |