Brute Force SSH
Low
Investigating
ALR-00305 · 2026-07-08T00:41:44Z
Description
Multiple failed SSH login attempts detected on SRV-FILE-01 from external IP. Endpoint Agent flagged 47 attempts in 5 minutes targeting user 's.jones'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:41:44
Event ingested by SOC365 Engine
00:41:47
EmilyAI triage started — correlation enrichment
00:41:50
EmilyAI confidence: 81% — escalated to human analyst
00:42:22
Alert assigned to analyst: EmilyAI (auto)
00:43:13
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00399 | 3h ago | Brute Force SSH | Medium | False Positive | WS-MAC-005 |
| ALR-00291 | 4h ago | Brute Force SSH | Informational | Open | SRV-SQL-01 |
| ALR-00055 | 6h ago | DLP Policy Violation | High | Open | SRV-FILE-01 |
| ALR-00059 | 7h ago | Unauthorised USB Device | High | Investigating | SRV-FILE-01 |
| ALR-00323 | 12h ago | Rogue DHCP Server | Low | Investigating | SRV-FILE-01 |