Responding to an Unauthorized Access Attempt

Question/Issue

What should I do if an alert is triggered for an unauthorized login attempt to a secure system?

Cause

An external party may be attempting to access the system using stolen or guessed credentials.

Resolution

  1. Immediately block the suspicious IP address or source of the login attempt.
  2. Reset credentials (passwords, security questions) for any affected user accounts.
  3. Notify users of the incident and advise them to monitor for unusual activity.
  4. Review system logs for additional unauthorized attempts or suspicious behavior.
  5. Increase monitoring of the affected system for a period after the incident.
  6. Consider enabling multi-factor authentication (MFA) if not already in place.
  7. Report the incident to your organization’s information security team.
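
One way to carry out the log review in step 4 so that it feeds steps 1 and 2, as an added example that is not part of the original article. It assumes the alert came from an OpenSSH server writing standard sshd auth-log lines; the sample log, the addresses (documentation ranges) and the threshold of 3 failures are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd auth-log format (assumed log source).
SAMPLE_LOG = """\
Mar 10 02:14:01 host1 sshd[4101]: Failed password for alice from 203.0.113.7 port 50122 ssh2
Mar 10 02:14:03 host1 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar 10 02:14:06 host1 sshd[4101]: Failed password for alice from 203.0.113.7 port 50130 ssh2
Mar 10 02:14:09 host1 sshd[4102]: Accepted password for alice from 203.0.113.7 port 50133 ssh2
Mar 10 08:30:12 host1 sshd[4290]: Failed password for bob from 198.51.100.20 port 41010 ssh2
Mar 10 08:30:20 host1 sshd[4290]: Accepted password for bob from 198.51.100.20 port 41012 ssh2
"""

# Matches both failed and successful password logins, including "invalid user" attempts.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, threshold=3):
    """Return (ips_to_block, accounts_to_reset), both sorted.

    ips_to_block: sources with at least `threshold` failed logins (step 1).
    accounts_to_reset: users who logged in successfully from such a source
    after it had already produced failures (step 2).
    """
    failures = defaultdict(int)
    accepted = []  # (ip, user) for successes that followed a failure from the same ip
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # unrelated log line
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif failures.get(m["ip"], 0) > 0:
            accepted.append((m["ip"], m["user"]))
    ips_to_block = sorted(ip for ip, n in failures.items() if n >= threshold)
    accounts_to_reset = sorted({u for ip, u in accepted if ip in ips_to_block})
    return ips_to_block, accounts_to_reset

if __name__ == "__main__":
    block, reset = triage(SAMPLE_LOG)
    print("Block:", block)
    print("Reset credentials for:", reset)
```

A single mistyped password followed by a success (bob in the sample) stays below the threshold and is not flagged; a success that follows repeated failures from the same source (alice) is treated as a possible credential compromise.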