Brute Force SSH

Informational Resolved

ALR-00217 · 2026-04-06T06:23:46Z

Description

Multiple failed SSH login attempts detected on SRV-FILE-01 from external IP. Email Gateway flagged 47 attempts in 5 minutes targeting user 'd.walker'.

Alert Metadata

Alert ID: ALR-00217
Timestamp: 2026-04-06T06:23:46Z
Severity: Informational
Status: Resolved
Detection Source: Email Gateway
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-FILE-01
User Account: d.walker
Source IP: 185.135.220.34
Destination IP: 10.3.124.81
Origin Country: NL Netherlands

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

06:23:46 Event ingested by SOC365 Engine

06:23:48 EmilyAI triage started — correlation enrichment

06:23:57 EmilyAI confidence: 86% — escalated to human analyst

06:24:25 Alert assigned to analyst: EmilyAI (auto)

06:25:18 Investigation started — querying SIEM and threat intelligence

06:28:59 Containment action taken — endpoint isolated

06:42:47 Alert resolved — remediation complete

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00186	1h ago	Brute Force SSH	Informational	Escalated	WS-LAP-011
ALR-00287	3h ago	Brute Force SSH	Informational	Escalated	WS-MAC-005
ALR-00413	8h ago	Suspicious Scheduled Task	Informational	Escalated	SRV-FILE-01
ALR-00400	8h ago	Brute Force SSH	Informational	False Positive	SRV-FILE-01
ALR-00417	11h ago	Phishing Email Blocked	Medium	Open	SRV-FILE-01