Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:39:51 UTC

Brute Force SSH

High Investigating
ALR-00041 · 2026-07-05T03:47:23Z

Description

Multiple failed SSH login attempts detected on SRV-FILE-01 from external IP. Endpoint Agent flagged 47 attempts in 5 minutes targeting user 'a.wilson'.

Alert Metadata

Alert ID
ALR-00041
Timestamp
2026-07-05T03:47:23Z
Severity
High
Status
Investigating
Detection Source
Endpoint Agent
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
SRV-FILE-01
User Account
a.wilson
Source IP
185.8.220.190
Destination IP
10.1.250.42
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.001
Reference
attack.mitre.org/techniques/T1110.001

Investigation Timeline

03:47:23 Event ingested by SOC365 Engine
03:47:27 EmilyAI triage started — correlation enrichment
03:47:30 EmilyAI confidence: 85% — escalated to human analyst
03:47:44 Alert assigned to analyst: Anika Patel
03:49:44 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00240 11h ago Brute Force SSH Medium Escalated WS-LAP-011
ALR-00104 13h ago Kerberoasting Attempt Informational False Positive SRV-FILE-01
ALR-00406 16h ago DLP Policy Violation Low Escalated SRV-FILE-01
ALR-00070 16h ago Phishing Email Blocked Medium Escalated SRV-FILE-01
ALR-00089 1d ago Brute Force SSH Medium Escalated SRV-FILE-01