Failed MFA Challenge
Informational
Open
ALR-00309 · 2026-07-07T20:39:27Z
Description
Multiple failed MFA challenges for user 'p.thomas' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Cloud Connector locked account.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
20:39:27
Event ingested by SOC365 Engine
20:39:28
EmilyAI triage started — correlation enrichment
20:39:40
EmilyAI confidence: 81% — escalated to human analyst
20:39:54
Alert assigned to analyst: EmilyAI (auto)
20:42:20
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00365 | 56m ago | Lateral Movement Detected | Low | Escalated | WS-LAP-012 |
| ALR-00474 | 1h ago | Failed MFA Challenge | Medium | Resolved | WS-LAP-012 |
| ALR-00228 | 2h ago | Unusual Outbound Traffic | Low | Resolved | WS-LAP-012 |
| ALR-00267 | 11h ago | Failed MFA Challenge | Low | Resolved | SRV-MAIL-01 |
| ALR-00374 | 16h ago | Failed MFA Challenge | Informational | Resolved | WS-PC-006 |