Brute Force SSH
Medium
False Positive
ALR-00427 · 2026-07-06T19:53:31Z
Description
Multiple failed SSH login attempts detected on WS-LAP-011 from external IP. Dark Web Monitor flagged 47 attempts in 5 minutes targeting user 'p.thomas'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:53:31
Event ingested by SOC365 Engine
19:53:35
EmilyAI triage started — correlation enrichment
19:53:36
EmilyAI confidence: 83% — escalated to human analyst
19:53:54
Alert assigned to analyst: Anika Patel
19:55:13
Investigation started — querying SIEM and threat intelligence
20:01:42
Containment action taken — endpoint isolated
20:09:53
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00244 | 1h ago | Data Exfiltration Attempt | Low | Escalated | WS-LAP-011 |
| ALR-00487 | 6h ago | Brute Force SSH | High | Investigating | SRV-SQL-01 |
| ALR-00102 | 11h ago | Brute Force SSH | Low | False Positive | SRV-APP-01 |
| ALR-00296 | 14h ago | Privilege Escalation Attempt | Medium | False Positive | WS-LAP-011 |
| ALR-00190 | 17h ago | Privilege Escalation Attempt | Medium | Open | WS-LAP-011 |