Muath Al Badi

Security Analyst

Suspicious Login Activity

CASE-1232
Created on 3/20/2023
Updated 3/21/2023, 9:15:00 AM
Status
Priority
Assignee
Muath Al Badi
Due Date
Apr 5, 5:00 PM (980d overdue)
Muath Al Badi, 3/20/2023, 3:30:00 PM

I've started investigating this case. Initial findings suggest this might be related to a compromised account.

Fatima Al Zeedi, 3/20/2023, 4:45:00 PM

I've checked the logs and found multiple failed login attempts from different IP addresses before the successful login.

Mohammed Al Farsi, 3/20/2023, 5:15:00 PM

Good catch. Let's implement a temporary block on the account and notify the user.

Case Timeline
Chronological history of case activities
Case created
By John Doe, 3/20/2023, 2:30:00 PM
Status changed from Open to In Progress
By John Doe, 3/20/2023, 2:35:00 PM
Added a comment
By John Doe, 3/20/2023, 3:30:00 PM
Added artifact: login_logs.txt
By John Doe, 3/20/2023, 3:45:00 PM
Added a comment
By Jane Smith, 3/20/2023, 4:45:00 PM
Added artifact: ip_analysis.pdf
By Jane Smith, 3/20/2023, 4:30:00 PM
Added a comment
By John Doe, 3/20/2023, 5:15:00 PM
Added artifact: screenshot.png
By John Doe, 3/20/2023, 5:00:00 PM
Case Details
Information about this security case

Description

Multiple login attempts detected from unusual locations followed by successful login and suspicious account activity.

Status

in progress

Severity

high

Category

Account Compromise

Due Date

Dec 10, 8:40 AM (8h left)

Affected User

ahmed.albalushi@example.com

Assignee

Muath Al Badi

Reporter

Fatima Al Zeedi

Detection Source

SIEM Alert

Impact Level

Medium

Created

3/20/2023, 2:30:00 PM

Tags

suspicious-login
account-security
potential-compromise