Brute Force SSH

Medium Open

ALR-00076 · 2026-04-06T16:21:41Z

Description

Multiple failed SSH login attempts detected on WS-PC-004 from external IP. Dark Web Monitor flagged 47 attempts in 5 minutes targeting user 'm.taylor'.

Alert Metadata

Alert ID: ALR-00076
Timestamp: 2026-04-06T16:21:41Z
Severity: Medium
Status: Open
Detection Source: Dark Web Monitor
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: WS-PC-004
User Account: m.taylor
Source IP: 185.100.220.135
Destination IP: 10.2.80.39
Origin Country: NL Netherlands

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

16:21:41 Event ingested by SOC365 Engine

16:21:44 EmilyAI triage started — correlation enrichment

16:21:49 EmilyAI confidence: 85% — escalated to human analyst

16:22:00 Alert assigned to analyst: Anika Patel

16:23:14 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00216	1h ago	Failed MFA Challenge	Medium	Investigating	WS-PC-004
ALR-00294	4h ago	Brute Force SSH	Low	Escalated	WS-PC-006
ALR-00009	4h ago	Brute Force SSH	High	Investigating	WS-LAP-012
ALR-00328	7h ago	Brute Force SSH	Medium	False Positive	SRV-MAIL-01
ALR-00075	8h ago	Shadow IT Discovery	Medium	Resolved	WS-PC-004