// sample report
AI SOC Triage — Sample Report
Example scenario
An overnight burst of failed logins from a single IP triggers an alert; the analyst asks the copilot to triage.
Executive summary
The activity is consistent with a credential brute-force / password-spray attempt against the VPN portal. One account showed a successful login after many failures and warrants review. Suggested containment: block the source, force a reset on the affected account, and confirm MFA is enforced.
Findings
| ID | Finding | Severity | Mapping |
|---|---|---|---|
| SOC-01 | Brute-force pattern from a single source | High | MITRE ATT&CK T1110 · NIST AC-7 |
| SOC-02 | Successful login after failures | Critical | MITRE ATT&CK T1078 · NIST IA-2 |
Details
SOC-01 · Brute-force pattern from a single source
HighEvidence. 214 failed authentications from one IP in 22 minutes across 40 usernames.
Risk. Automated guessing can succeed against weak or reused passwords.
MITRE ATT&CK T1110 · NIST AC-7
SOC-02 · Successful login after failures
CriticalEvidence. One account authenticated successfully immediately after the failed burst.
Risk. Possible account takeover; the session should be treated as suspect.
MITRE ATT&CK T1078 · NIST IA-2