Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Failed MFA Challenge

Medium Resolved
ALR-00436 · 2026-05-22T02:26:29Z

Description

Multiple failed MFA challenges for user 'p.thomas' — 12 push notifications in 3 minutes suggesting MFA fatigue attack. Endpoint Agent locked account.

Alert Metadata

Alert ID: ALR-00436
Timestamp: 2026-05-22T02:26:29Z
Severity: Medium
Status: Resolved
Detection Source: Endpoint Agent
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-PC-006
User Account: p.thomas
Source IP: 194.98.62.53
Destination IP: 10.1.107.247
Origin Country: FR France

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1621
Reference: attack.mitre.org/techniques/T1621

Investigation Timeline

02:26:29 Event ingested by SOC365 Engine
02:26:30 EmilyAI triage started — correlation enrichment
02:26:44 EmilyAI confidence: 80% — escalated to human analyst
02:27:02 Alert assigned to analyst: Marcus Webb
02:28:27 Investigation started — querying SIEM and threat intelligence
02:33:23 Containment action taken — endpoint isolated
02:37:34 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity  Status          Host
ALR-00151  2h ago   DecoyPulse Honeypot Triggered  Low       Resolved        WS-PC-006
ALR-00482  8h ago   Malware Signature Match        Low       Open            WS-PC-006
ALR-00421  10h ago  Privilege Escalation Attempt   Medium    False Positive  WS-PC-006
ALR-00264  15h ago  Privilege Escalation Attempt   Low       Resolved        WS-PC-006
ALR-00009  20h ago  Failed MFA Challenge           High      Open            SRV-BACKUP-01