Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:51:05 UTC

Brute Force SSH

Low Investigating
ALR-00404 · 2026-07-06T01:34:59Z

Description

Multiple failed SSH login attempts detected on AP-WIFI-03 from external IP. Attack Surface Scanner flagged 47 attempts in 5 minutes targeting user 'r.davies'.

Alert Metadata

Alert ID
ALR-00404
Timestamp
2026-07-06T01:34:59Z
Severity
Low
Status
Investigating
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
AP-WIFI-03
User Account
r.davies
Source IP
194.243.62.223
Destination IP
10.2.22.12
Origin Country
IR Iran

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.001
Reference
attack.mitre.org/techniques/T1110.001

Investigation Timeline

01:34:59 Event ingested by SOC365 Engine
01:35:01 EmilyAI triage started — correlation enrichment
01:35:08 EmilyAI confidence: 87% — escalated to human analyst
01:35:16 Alert assigned to analyst: EmilyAI (auto)
01:37:37 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00196 28m ago Port Scan Detected Medium Resolved AP-WIFI-03
ALR-00133 3h ago Brute Force SSH Low Resolved FW-EDGE-01
ALR-00470 21h ago Phishing Email Blocked Informational Open AP-WIFI-03
ALR-00360 21h ago Brute Force SSH Critical Escalated WS-PC-003
ALR-00036 1d ago Brute Force SSH Low Resolved SW-CORE-01