Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:48:32 UTC

Credential Stuffing Attempt

Low Open
ALR-00292 · 2026-07-05T14:38:31Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by Email Gateway.

Alert Metadata

Alert ID
ALR-00292
Timestamp
2026-07-05T14:38:31Z
Severity
Low
Status
Open
Detection Source
Email Gateway
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-DC-01
User Account
r.davies
Source IP
185.253.220.99
Destination IP
10.2.29.211
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.004
Reference
attack.mitre.org/techniques/T1110.004

Investigation Timeline

14:38:31 Event ingested by SOC365 Engine
14:38:32 EmilyAI triage started — correlation enrichment
14:38:43 EmilyAI confidence: 88% — escalated to human analyst
14:39:03 Alert assigned to analyst: EmilyAI (auto)
14:41:14 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00366 27m ago Kerberoasting Attempt Medium Escalated SRV-DC-01
ALR-00251 18h ago Ransomware Behaviour Detected Low Resolved SRV-DC-01
ALR-00128 22h ago Credential Stuffing Attempt Informational Open WS-PC-006
ALR-00287 22h ago Credential Stuffing Attempt Medium Escalated SRV-WEB-01
ALR-00261 23h ago Suspicious Scheduled Task Informational False Positive SRV-DC-01