Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:50:10 UTC

Credential Stuffing Attempt

Low Escalated
ALR-00375 · 2026-07-07T13:05:03Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by Firewall.

Alert Metadata

Alert ID
ALR-00375
Timestamp
2026-07-07T13:05:03Z
Severity
Low
Status
Escalated
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
VM-DEV-01
User Account
e.evans
Source IP
103.24.216.251
Destination IP
10.1.128.85
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.004
Reference
attack.mitre.org/techniques/T1110.004

Investigation Timeline

13:05:03 Event ingested by SOC365 Engine
13:05:07 EmilyAI triage started — correlation enrichment
13:05:08 EmilyAI confidence: 82% — escalated to human analyst
13:05:18 Alert assigned to analyst: EmilyAI (auto)
13:06:28 Investigation started — querying SIEM and threat intelligence
13:12:17 Containment action taken — endpoint isolated
13:18:08 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00462 7h ago Insider Threat Indicator Medium False Positive VM-DEV-01
ALR-00410 13h ago Rogue DHCP Server Informational Escalated VM-DEV-01
ALR-00235 18h ago Certificate Anomaly Low False Positive VM-DEV-01
ALR-00177 1d ago Privilege Escalation Attempt Medium Open VM-DEV-01
ALR-00095 1d ago Credential Stuffing Attempt Medium Open SRV-DC-01