Brute Force SSH
Medium
Resolved
ALR-00346 · 2026-07-05T07:48:06Z
Description
Multiple failed SSH login attempts detected on SRV-DC-01 from external IP. Cloud Connector flagged 47 attempts in 5 minutes targeting user 'r.davies'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
07:48:06
Event ingested by SOC365 Engine
07:48:09
EmilyAI triage started — correlation enrichment
07:48:21
EmilyAI confidence: 89% — escalated to human analyst
07:48:36
Alert assigned to analyst: Sarah Chen
07:50:27
Investigation started — querying SIEM and threat intelligence
07:57:01
Containment action taken — endpoint isolated
08:03:31
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00402 | 12h ago | Brute Force SSH | Low | Open | WS-LAP-012 |
| ALR-00335 | 1d ago | Certificate Anomaly | Low | False Positive | SRV-DC-01 |
| ALR-00410 | 1d ago | Brute Force SSH | Medium | False Positive | WS-LAP-010 |
| ALR-00240 | 1d ago | Brute Force SSH | Low | Investigating | SRV-APP-01 |
| ALR-00004 | 1d ago | Brute Force SSH | Medium | Open | SRV-SQL-01 |