Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:40:02 UTC

Brute Force SSH

Medium Resolved
ALR-00019 · 2026-07-09T15:20:51Z

Description

Multiple failed SSH login attempts detected on FW-EDGE-01 from external IP. Cloud Connector flagged 47 attempts in 5 minutes targeting user 'm.taylor'.

Alert Metadata

Alert ID
ALR-00019
Timestamp
2026-07-09T15:20:51Z
Severity
Medium
Status
Resolved
Detection Source
Cloud Connector
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
FW-EDGE-01
User Account
m.taylor
Source IP
185.116.220.96
Destination IP
10.1.79.137
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.001
Reference
attack.mitre.org/techniques/T1110.001

Investigation Timeline

15:20:51 Event ingested by SOC365 Engine
15:20:53 EmilyAI triage started — correlation enrichment
15:21:04 EmilyAI confidence: 81% — escalated to human analyst
15:21:36 Alert assigned to analyst: Sarah Chen
15:23:38 Investigation started — querying SIEM and threat intelligence
15:28:46 Containment action taken — endpoint isolated
15:38:11 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00207 47m ago Suspicious Scheduled Task Medium Resolved FW-EDGE-01
ALR-00369 1h ago Lateral Movement Detected Low Investigating FW-EDGE-01
ALR-00270 3h ago Lateral Movement Detected Medium Open FW-EDGE-01
ALR-00460 4h ago Suspicious Scheduled Task Low Escalated FW-EDGE-01
ALR-00083 6h ago Brute Force SSH Medium False Positive SRV-SQL-01