Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 19:07:06 UTC

Failed MFA Challenge

Critical · Investigating
ALR-00444 · 2026-05-27T16:45:05Z

Description

Multiple failed MFA challenges for user 'd.walker': 12 push notifications in 3 minutes, suggesting an MFA fatigue attack. EmilyAI Triage locked the account.

Alert Metadata

Alert ID: ALR-00444
Timestamp: 2026-05-27T16:45:05Z
Severity: Critical
Status: Investigating
Detection Source: EmilyAI Triage
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-SQL-01
User Account: d.walker
Source IP: 185.238.220.101
Destination IP: 10.0.201.126
Origin Country: Germany (DE)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1621
Reference: attack.mitre.org/techniques/T1621

Investigation Timeline

16:45:05 Event ingested by SOC365 Engine
16:45:06 EmilyAI triage started — correlation enrichment
16:45:19 EmilyAI confidence: 81% — escalated to human analyst
16:45:28 Alert assigned to analyst: Anika Patel
16:46:58 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                      Severity  Status          Host
ALR-00439  17m ago  Failed MFA Challenge       Medium    False Positive  SW-CORE-01
ALR-00335  4h ago   Failed MFA Challenge       Medium    Escalated       VM-DEV-01
ALR-00108  5h ago   Insider Threat Indicator   Medium    Investigating   SRV-SQL-01
ALR-00019  6h ago   Failed MFA Challenge       Low       False Positive  SRV-DC-01
ALR-00431  9h ago   Data Exfiltration Attempt  Medium    Resolved        SRV-SQL-01