Brute Force SSH

High Open

ALR-00133 · 2026-05-20T18:56:14Z

Description

Multiple failed SSH login attempts detected on SRV-FILE-01 from external IP. Attack Surface Scanner flagged 47 attempts in 5 minutes targeting user 'p.thomas'.

Alert Metadata

Alert ID: ALR-00133
Timestamp: 2026-05-20T18:56:14Z
Severity: High
Status: Open
Detection Source: Attack Surface Scanner
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-FILE-01
User Account: p.thomas
Source IP: 45.177.148.118
Destination IP: 10.2.44.119
Origin Country: FR France

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

18:56:14 Event ingested by SOC365 Engine

18:56:15 EmilyAI triage started — correlation enrichment

18:56:21 EmilyAI confidence: 95% — escalated to human analyst

18:56:55 Alert assigned to analyst: Sarah Chen

18:57:56 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00029	25m ago	Brute Force SSH	Low	Escalated	SRV-FILE-01
ALR-00317	12h ago	Brute Force SSH	Medium	Investigating	SRV-MAIL-01
ALR-00233	15h ago	Brute Force SSH	Medium	Escalated	SRV-BACKUP-01
ALR-00335	15h ago	Brute Force SSH	High	Investigating	WS-MAC-005
ALR-00224	16h ago	Brute Force SSH	High	Escalated	WS-LAP-011