Brute Force SSH
Medium
Investigating
ALR-00292 · 2026-07-05T12:17:31Z
Description
Multiple failed SSH login attempts detected on WS-LAP-011 from external IP. Cloud Connector flagged 47 attempts in 5 minutes targeting user 'j.smith'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
12:17:31
Event ingested by SOC365 Engine
12:17:34
EmilyAI triage started — correlation enrichment
12:17:46
EmilyAI confidence: 87% — escalated to human analyst
12:18:05
Alert assigned to analyst: Marcus Webb
12:19:42
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00244 | 1h ago | Data Exfiltration Attempt | Low | Escalated | WS-LAP-011 |
| ALR-00487 | 6h ago | Brute Force SSH | High | Investigating | SRV-SQL-01 |
| ALR-00102 | 11h ago | Brute Force SSH | Low | False Positive | SRV-APP-01 |
| ALR-00296 | 14h ago | Privilege Escalation Attempt | Medium | False Positive | WS-LAP-011 |
| ALR-00190 | 17h ago | Privilege Escalation Attempt | Medium | Open | WS-LAP-011 |