Brute Force SSH
Low
Investigating
ALR-00342 · 2026-07-04T23:21:20Z
Description
Multiple failed SSH login attempts detected on WS-PC-006 from external IP. SOC365 Engine flagged 47 attempts in 5 minutes targeting user 'j.smith'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:21:20
Event ingested by SOC365 Engine
23:21:21
EmilyAI triage started — correlation enrichment
23:21:27
EmilyAI confidence: 97% — escalated to human analyst
23:22:02
Alert assigned to analyst: EmilyAI (auto)
23:22:06
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00294 | 27m ago | Brute Force SSH | Low | Open | AP-WIFI-03 |
| ALR-00446 | 1h ago | Failed MFA Challenge | Medium | Open | WS-PC-006 |
| ALR-00307 | 3h ago | Brute Force SSH | Low | Investigating | SRV-MAIL-01 |
| ALR-00236 | 5h ago | Pass-the-Hash Detected | Low | False Positive | WS-PC-006 |
| ALR-00305 | 8h ago | Pass-the-Hash Detected | Informational | Resolved | WS-PC-006 |