Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 19:11:13 UTC

Credential Stuffing Attempt

Medium Escalated
ALR-00500 · 2026-05-26T09:49:54Z

Description

Credential stuffing attack detected against VPN gateway. 234 unique username/password combinations attempted. Flagged by DecoyPulse.

Alert Metadata

Alert ID: ALR-00500
Timestamp: 2026-05-26T09:49:54Z
Severity: Medium
Status: Escalated
Detection Source: DecoyPulse
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-WEB-01
User Account: m.taylor
Source IP: 194.1.62.206
Destination IP: 10.2.246.5
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.004
Reference: attack.mitre.org/techniques/T1110.004

Investigation Timeline

09:49:54 Event ingested by SOC365 Engine
09:49:56 EmilyAI triage started — correlation enrichment
09:50:08 EmilyAI confidence: 96% — escalated to human analyst
09:50:29 Alert assigned to analyst: Marcus Webb
09:52:23 Investigation started — querying SIEM and threat intelligence
09:56:11 Containment action taken — endpoint isolated
10:06:57 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status     Host
ALR-00227  2h ago   DecoyPulse Honeypot Triggered  Informational  Resolved   SRV-WEB-01
ALR-00150  7h ago   Data Exfiltration Attempt      Medium         Resolved   SRV-WEB-01
ALR-00324  8h ago   Lateral Movement Detected      Low            Open       SRV-WEB-01
ALR-00315  11h ago  Credential Stuffing Attempt    Medium         Escalated  SRV-APP-01
ALR-00069  17h ago  Suspicious Scheduled Task      Medium         Escalated  SRV-WEB-01