Incident #2024-0145 - Initial Detection

1 min read Advanced Security Topics

Incident #2024-0145 - Initial Detection

Detection Time: 2024-01-15 14:32:00 UTC Detection Method: SIEM Alert - Multiple Failed Authentication Detected By: SOC Analyst - John Smith Initial Severity: Medium

Initial Observations:

47 failed login attempts from IP 192.168.1.105
Target: Domain Controller DC01
Time span: 14:25-14:31 UTC
Account targeted: [email protected]

Immediate Actions Taken:

Screenshot captured of SIEM alert
Account temporarily disabled at 14:33 UTC
Escalated to IR team lead at 14:35 UTC