Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:40:52 UTC

Brute Force SSH

Informational Escalated
ALR-00078 · 2026-07-09T23:06:38Z

Description

Multiple failed SSH login attempts detected on WS-PC-001 from external IP. Network IDS flagged 47 attempts in 5 minutes targeting user 'k.brown'.

Alert Metadata

Alert ID
ALR-00078
Timestamp
2026-07-09T23:06:38Z
Severity
Informational
Status
Escalated
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-001
User Account
k.brown
Source IP
91.36.195.108
Destination IP
10.0.52.214
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.001
Reference
attack.mitre.org/techniques/T1110.001

Investigation Timeline

23:06:38 Event ingested by SOC365 Engine
23:06:41 EmilyAI triage started — correlation enrichment
23:06:53 EmilyAI confidence: 95% — escalated to human analyst
23:07:14 Alert assigned to analyst: EmilyAI (auto)
23:08:51 Investigation started — querying SIEM and threat intelligence
23:14:31 Containment action taken — endpoint isolated
23:18:53 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00083 6h ago Brute Force SSH Medium False Positive SRV-SQL-01
ALR-00115 11h ago Failed MFA Challenge Low Resolved WS-PC-001
ALR-00447 18h ago Brute Force SSH High Investigating VM-DEV-01
ALR-00343 1d ago Brute Force SSH High Investigating SRV-MAIL-01
ALR-00379 1d ago Brute Force SSH Low Investigating SRV-BACKUP-01