Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:03:14 UTC

Failed MFA Challenge

Medium False Positive
ALR-00466 · 2026-05-22T04:10:26Z

Description

Multiple failed MFA challenges for user 'd.walker': 12 push notifications in 3 minutes, suggesting an MFA fatigue attack. The Endpoint Agent locked the account.

Alert Metadata

Alert ID: ALR-00466
Timestamp: 2026-05-22T04:10:26Z
Severity: Medium
Status: False Positive
Detection Source: Endpoint Agent
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-FILE-01
User Account: d.walker
Source IP: 194.248.62.161
Destination IP: 10.1.77.140
Origin Country: France (FR)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1621
Reference: attack.mitre.org/techniques/T1621

Investigation Timeline

04:10:26 Event ingested by SOC365 Engine
04:10:29 EmilyAI triage started — correlation enrichment
04:10:34 EmilyAI confidence: 94% — escalated to human analyst
04:10:56 Alert assigned to analyst: Marcus Webb
04:11:46 Investigation started — querying SIEM and threat intelligence
04:17:13 Containment action taken — endpoint isolated
04:25:16 Alert resolved — remediation complete

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00029 | 25m ago | Brute Force SSH | Low | Escalated | SRV-FILE-01 |
| ALR-00278 | 14h ago | Failed MFA Challenge | Informational | Resolved | WS-PC-003 |
| ALR-00452 | 21h ago | Failed MFA Challenge | Low | Open | AP-WIFI-03 |
| ALR-00323 | 23h ago | Failed MFA Challenge | High | Investigating | SRV-SQL-01 |
| ALR-00455 | 1d ago | Shadow IT Discovery | Informational | Resolved | SRV-FILE-01 |