Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:49:38 UTC

Credential Stuffing Attempt

Low Escalated
ALR-00417 · 2026-07-09T21:03:38Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by Firewall.

Alert Metadata

Alert ID
ALR-00417
Timestamp
2026-07-09T21:03:38Z
Severity
Low
Status
Escalated
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-003
User Account
d.walker
Source IP
185.219.220.111
Destination IP
10.2.12.16
Origin Country
FR France

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.004
Reference
attack.mitre.org/techniques/T1110.004

Investigation Timeline

21:03:38 Event ingested by SOC365 Engine
21:03:39 EmilyAI triage started — correlation enrichment
21:03:53 EmilyAI confidence: 83% — escalated to human analyst
21:04:04 Alert assigned to analyst: EmilyAI (auto)
21:06:32 Investigation started — querying SIEM and threat intelligence
21:13:30 Containment action taken — endpoint isolated
21:20:04 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00119 54m ago Credential Stuffing Attempt Informational Escalated WS-LAP-011
ALR-00078 4h ago Credential Stuffing Attempt Informational Escalated SRV-MAIL-01
ALR-00223 12h ago Credential Stuffing Attempt Informational Escalated SRV-APP-01
ALR-00366 16h ago Credential Stuffing Attempt Low Escalated VM-DEV-01
ALR-00384 17h ago Kerberoasting Attempt High Escalated WS-PC-003