Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Credential Stuffing Attempt

Severity: Low | Status: Escalated
ALR-00370 · 2026-04-11T16:13:17Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by Firewall.

Alert Metadata

Alert ID: ALR-00370
Timestamp: 2026-04-11T16:13:17Z
Severity: Low
Status: Escalated
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: n.clark
Source IP: 194.164.62.111
Destination IP: 10.0.107.240
Origin Country: North Korea (KP)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.004
Reference: attack.mitre.org/techniques/T1110.004

Investigation Timeline

16:13:17 Event ingested by SOC365 Engine
16:13:22 EmilyAI triage started — correlation enrichment
16:13:23 EmilyAI confidence: 82% — escalated to human analyst
16:13:57 Alert assigned to analyst: EmilyAI (auto)
16:14:25 Investigation started — querying SIEM and threat intelligence
16:23:02 Containment action taken — endpoint isolated
16:25:00 Alert resolved — remediation complete

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00498 | 31m ago | Rogue DHCP Server | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00349 | 7h ago | Credential Stuffing Attempt | Medium | Resolved | FW-EDGE-01 |
| ALR-00457 | 12h ago | Privilege Escalation Attempt | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00010 | 15h ago | Tor Exit Node Connection | Low | Escalated | SRV-BACKUP-01 |
| ALR-00229 | 20h ago | Data Exfiltration Attempt | Low | Resolved | SRV-BACKUP-01 |