Failed MFA Challenge
Medium
Open
ALR-00331 · 2026-07-11T06:58:42Z
Description
Multiple failed MFA challenges for user 'system' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. EmilyAI Triage locked account.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
06:58:42
Event ingested by SOC365 Engine
06:58:45
EmilyAI triage started — correlation enrichment
06:58:47
EmilyAI confidence: 94% — escalated to human analyst
06:59:01
Alert assigned to analyst: Emma Richardson
07:01:12
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00090 | 31m ago | Privilege Escalation Attempt | High | Investigating | SRV-DC-01 |
| ALR-00218 | 1h ago | Failed MFA Challenge | Low | Open | WS-LAP-010 |
| ALR-00109 | 2h ago | Rogue DHCP Server | Medium | Investigating | SRV-DC-01 |
| ALR-00145 | 5h ago | Failed MFA Challenge | High | Escalated | SW-CORE-01 |
| ALR-00043 | 6h ago | Ransomware Behaviour Detected | Medium | False Positive | SRV-DC-01 |