Brute Force SSH
Medium
Resolved
ALR-00019 · 2026-07-09T15:20:51Z
Description
Multiple failed SSH login attempts detected on FW-EDGE-01 from external IP. Cloud Connector flagged 47 attempts in 5 minutes targeting user 'm.taylor'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:20:51
Event ingested by SOC365 Engine
15:20:53
EmilyAI triage started — correlation enrichment
15:21:04
EmilyAI confidence: 81% — escalated to human analyst
15:21:36
Alert assigned to analyst: Sarah Chen
15:23:38
Investigation started — querying SIEM and threat intelligence
15:28:46
Containment action taken — endpoint isolated
15:38:11
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00207 | 47m ago | Suspicious Scheduled Task | Medium | Resolved | FW-EDGE-01 |
| ALR-00369 | 1h ago | Lateral Movement Detected | Low | Investigating | FW-EDGE-01 |
| ALR-00270 | 3h ago | Lateral Movement Detected | Medium | Open | FW-EDGE-01 |
| ALR-00460 | 4h ago | Suspicious Scheduled Task | Low | Escalated | FW-EDGE-01 |
| ALR-00083 | 6h ago | Brute Force SSH | Medium | False Positive | SRV-SQL-01 |