Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:53:35 UTC

Brute Force SSH

Informational False Positive
ALR-00019 · 2026-04-09T22:37:24Z

Description

Multiple failed SSH login attempts detected on WS-PC-001 from external IP. DecoyPulse flagged 47 attempts in 5 minutes targeting user 'f.hall'.

Alert Metadata

Alert ID: ALR-00019
Timestamp: 2026-04-09T22:37:24Z
Severity: Informational
Status: False Positive
Detection Source: DecoyPulse
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-001
User Account: f.hall
Source IP: 45.228.148.213
Destination IP: 10.1.153.8
Origin Country: France (FR)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

22:37:24 Event ingested by SOC365 Engine
22:37:26 EmilyAI triage started — correlation enrichment
22:37:32 EmilyAI confidence: 90% — escalated to human analyst
22:38:05 Alert assigned to analyst: EmilyAI (auto)
22:38:43 Investigation started — querying SIEM and threat intelligence
22:44:19 Containment action taken — endpoint isolated
22:54:37 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00353 | 2h ago | C2 Beacon Activity | High | Escalated | WS-PC-001
ALR-00255 | 2h ago | Brute Force SSH | Medium | False Positive | WS-PC-004
ALR-00464 | 5h ago | Brute Force SSH | Medium | Investigating | WS-LAP-010
ALR-00173 | 12h ago | Port Scan Detected | Informational | Open | WS-PC-001
ALR-00096 | 16h ago | Suspicious Scheduled Task | Informational | Investigating | WS-PC-001