Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Brute Force SSH

Low False Positive
ALR-00163 · 2026-05-23T19:35:58Z

Description

Multiple failed SSH login attempts detected on WS-PC-003 from an external IP. Network IDS flagged 47 attempts in 5 minutes targeting user 'a.wilson'.

Alert Metadata

Alert ID: ALR-00163
Timestamp: 2026-05-23T19:35:58Z
Severity: Low
Status: False Positive
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-003
User Account: a.wilson
Source IP: 194.26.62.177
Destination IP: 10.1.34.170
Origin Country: China (CN)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

19:35:58 Event ingested by SOC365 Engine
19:36:00 EmilyAI triage started — correlation enrichment
19:36:12 EmilyAI confidence: 94% — escalated to human analyst
19:36:20 Alert assigned to analyst: EmilyAI (auto)
19:38:21 Investigation started — querying SIEM and threat intelligence
19:42:05 Containment action taken — endpoint isolated
19:50:48 Alert resolved — remediation complete

Related Alerts

ID        | Time   | Alert                     | Severity      | Status        | Host
ALR-00338 | 1d ago | C2 Beacon Activity        | High          | Open          | WS-PC-003
ALR-00435 | 1d ago | Rogue DHCP Server         | Informational | Investigating | WS-PC-003
ALR-00066 | 1d ago | Brute Force SSH           | Low           | Open          | WS-PC-004
ALR-00465 | 1d ago | Brute Force SSH           | Informational | Investigating | SRV-APP-01
ALR-00095 | 1d ago | Data Exfiltration Attempt | Medium        | Open          | WS-PC-003