Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:36:40 UTC

Brute Force SSH

Informational Escalated
ALR-00316 · 2026-07-09T19:55:30Z

Description

Multiple failed SSH login attempts detected on VM-DEV-01 from external IP. Dark Web Monitor flagged 47 attempts in 5 minutes targeting user 'd.walker'.

Alert Metadata

Alert ID
ALR-00316
Timestamp
2026-07-09T19:55:30Z
Severity
Informational
Status
Escalated
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
VM-DEV-01
User Account
d.walker
Source IP
194.204.62.192
Destination IP
10.3.189.195
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.001
Reference
attack.mitre.org/techniques/T1110.001

Investigation Timeline

19:55:30 Event ingested by SOC365 Engine
19:55:31 EmilyAI triage started — correlation enrichment
19:55:45 EmilyAI confidence: 85% — escalated to human analyst
19:56:09 Alert assigned to analyst: EmilyAI (auto)
19:57:20 Investigation started — querying SIEM and threat intelligence
20:04:37 Containment action taken — endpoint isolated
20:12:47 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00129 4h ago Lateral Movement Detected Low Escalated VM-DEV-01
ALR-00138 10h ago Brute Force SSH Informational Open WS-PC-002
ALR-00314 12h ago Brute Force SSH Low False Positive SW-CORE-01
ALR-00109 19h ago Brute Force SSH Low Escalated WS-PC-003
ALR-00261 20h ago Shadow IT Discovery Medium Resolved VM-DEV-01