Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd (Live, 18:01:38 UTC)

Brute Force SSH

Severity: Informational · Status: False Positive
ALR-00440 · 2026-05-25T08:11:52Z

Description

Multiple failed SSH login attempts detected on SRV-APP-01 from external IP. Cloud Connector flagged 47 attempts in 5 minutes targeting user 'k.brown'.

Alert Metadata

Alert ID: ALR-00440
Timestamp: 2026-05-25T08:11:52Z
Severity: Informational
Status: False Positive
Detection Source: Cloud Connector
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-APP-01
User Account: k.brown
Source IP: 91.49.195.30
Destination IP: 10.0.181.213
Origin Country: FR France

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

08:11:52 Event ingested by SOC365 Engine
08:11:56 EmilyAI triage started — correlation enrichment
08:12:06 EmilyAI confidence: 87% — escalated to human analyst
08:12:22 Alert assigned to analyst: EmilyAI (auto)
08:14:06 Investigation started — querying SIEM and threat intelligence
08:17:43 Containment action taken — endpoint isolated
08:25:01 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                     Severity  Status          Host
ALR-00342  2m ago   Kerberoasting Attempt     Low       Resolved        SRV-APP-01
ALR-00485  44m ago  Brute Force SSH           Low       False Positive  SRV-SQL-01
ALR-00405  2h ago   Brute Force SSH           Medium    Open            WS-PC-006
ALR-00438  3h ago   Malware Signature Match   Low       Investigating   SRV-APP-01
ALR-00279  21h ago  Tor Exit Node Connection  Critical  Escalated       SRV-APP-01