Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:39:24 UTC

Brute Force SSH

Medium Escalated
ALR-00089 · 2026-07-10T18:38:54Z

Description

Multiple failed SSH login attempts detected on SRV-FILE-01 from external IP. Network IDS flagged 47 attempts in 5 minutes targeting user 'c.williams'.

Alert Metadata

Alert ID
ALR-00089
Timestamp
2026-07-10T18:38:54Z
Severity
Medium
Status
Escalated
Detection Source
Network IDS
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
SRV-FILE-01
User Account
c.williams
Source IP
194.252.62.97
Destination IP
10.0.2.163
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.001
Reference
attack.mitre.org/techniques/T1110.001

Investigation Timeline

18:38:54 Event ingested by SOC365 Engine
18:38:57 EmilyAI triage started — correlation enrichment
18:39:05 EmilyAI confidence: 81% — escalated to human analyst
18:39:21 Alert assigned to analyst: Emma Richardson
18:39:39 Investigation started — querying SIEM and threat intelligence
18:42:51 Containment action taken — endpoint isolated
18:49:06 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00240 11h ago Brute Force SSH Medium Escalated WS-LAP-011
ALR-00104 13h ago Kerberoasting Attempt Informational False Positive SRV-FILE-01
ALR-00406 16h ago DLP Policy Violation Low Escalated SRV-FILE-01
ALR-00070 16h ago Phishing Email Blocked Medium Escalated SRV-FILE-01
ALR-00274 1d ago Brute Force SSH Low False Positive SRV-FILE-01