Active alert
Unusual login from new location
Medium severity
The user j.doe is normally based in Maryland, USA and typically logs in during US business hours from a corporate laptop. The SIEM has raised an alert for a successful login from a new country and device at an unusual time.
Investigation log
No steps taken yet. Start by choosing an action above.
Waiting
Analyst workspace
Step 1 · Triage
You are acting as a Tier 1 SOC analyst. Your goal is to decide whether this alert looks like a false positive (normal user behavior) or a potential account compromise. Use the options on the left to gather context before you make a decision.
Final decision (not made yet)
Once you’ve reviewed enough context, you’ll choose how to handle this alert: escalate, force a password reset, or close it as benign.