Brute Force SSH
Medium
Open
ALR-00426 · 2026-07-11T17:11:16Z
Description
Multiple failed SSH login attempts detected on WS-LAP-011 from external IP. Endpoint Agent flagged 47 attempts in 5 minutes targeting user 'a.wilson'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
17:11:16
Event ingested by SOC365 Engine
17:11:18
EmilyAI triage started — correlation enrichment
17:11:31
EmilyAI confidence: 84% — escalated to human analyst
17:11:35
Alert assigned to analyst: James Okonkwo
17:13:26
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00242 | 5h ago | Ransomware Behaviour Detected | Critical | Open | WS-LAP-011 |
| ALR-00205 | 9h ago | Port Scan Detected | Medium | Resolved | WS-LAP-011 |
| ALR-00096 | 13h ago | Brute Force SSH | High | Escalated | WS-LAP-011 |
| ALR-00047 | 20h ago | Brute Force SSH | Low | Escalated | WS-LAP-012 |
| ALR-00396 | 23h ago | Brute Force SSH | Low | False Positive | SRV-FILE-01 |