Brute Force SSH
Informational
False Positive
ALR-00104 · 2026-07-06T16:08:13Z
Description
Multiple failed SSH login attempts detected on WS-PC-003 from external IP. Cloud Connector flagged 47 attempts in 5 minutes targeting user 'j.smith'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:08:13
Event ingested by SOC365 Engine
16:08:17
EmilyAI triage started — correlation enrichment
16:08:26
EmilyAI confidence: 94% — escalated to human analyst
16:08:54
Alert assigned to analyst: EmilyAI (auto)
16:09:57
Investigation started — querying SIEM and threat intelligence
16:12:46
Containment action taken — endpoint isolated
16:18:27
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00406 | 1h ago | DLP Policy Violation | Medium | Escalated | WS-PC-003 |
| ALR-00412 | 5h ago | Brute Force SSH | Low | Open | SRV-DC-01 |
| ALR-00126 | 10h ago | Brute Force SSH | High | Investigating | WS-MAC-005 |
| ALR-00081 | 1d ago | Brute Force SSH | Low | Investigating | SRV-MAIL-01 |
| ALR-00491 | 1d ago | Brute Force SSH | Low | Open | SRV-MAIL-01 |