Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:19:49 UTC

Brute Force SSH

Low Investigating
ALR-00302 · 2026-05-23T08:22:43Z

Description

Multiple failed SSH login attempts detected on SRV-DC-01 from external IP. DLP Module flagged 47 attempts in 5 minutes targeting user 'h.roberts'.

Alert Metadata

Alert ID: ALR-00302
Timestamp: 2026-05-23T08:22:43Z
Severity: Low
Status: Investigating
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-DC-01
User Account: h.roberts
Source IP: 103.125.216.107
Destination IP: 10.0.43.29
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

08:22:43 Event ingested by SOC365 Engine
08:22:44 EmilyAI triage started — correlation enrichment
08:22:50 EmilyAI confidence: 96% — escalated to human analyst
08:23:14 Alert assigned to analyst: EmilyAI (auto)
08:24:28 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00231 | 1h ago | C2 Beacon Activity | Informational | Escalated | SRV-DC-01
ALR-00453 | 1h ago | Unauthorised USB Device | Low | Open | SRV-DC-01
ALR-00203 | 7h ago | Failed MFA Challenge | Medium | Escalated | SRV-DC-01
ALR-00391 | 12h ago | Unusual Outbound Traffic | Low | Investigating | SRV-DC-01
ALR-00444 | 15h ago | Suspicious Scheduled Task | Low | Open | SRV-DC-01