Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 17:09:15 UTC

Brute Force SSH

Medium Resolved
ALR-00228 · 2026-05-26T08:14:00Z

Description

Multiple failed SSH login attempts detected on WS-PC-004 from external IP. Email Gateway flagged 47 attempts in 5 minutes targeting user 'f.hall'.

Alert Metadata

Alert ID
ALR-00228
Timestamp
2026-05-26T08:14:00Z
Severity
Medium
Status
Resolved
Detection Source
Email Gateway
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
WS-PC-004
User Account
f.hall
Source IP
185.188.220.127
Destination IP
10.0.239.105
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.001
Reference
attack.mitre.org/techniques/T1110.001

Investigation Timeline

08:14:00 Event ingested by SOC365 Engine
08:14:04 EmilyAI triage started — correlation enrichment
08:14:06 EmilyAI confidence: 89% — escalated to human analyst
08:14:39 Alert assigned to analyst: Marcus Webb
08:14:46 Investigation started — querying SIEM and threat intelligence
08:20:58 Containment action taken — endpoint isolated
08:25:05 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00194 1h ago Brute Force SSH Medium Escalated SRV-BACKUP-01
ALR-00309 9h ago Pass-the-Hash Detected Low Open WS-PC-004
ALR-00361 12h ago Brute Force SSH Medium Open SRV-WEB-01
ALR-00036 14h ago Insider Threat Indicator High Escalated WS-PC-004
ALR-00174 15h ago Tor Exit Node Connection Informational Resolved WS-PC-004