Brute Force SSH
Low
Open
ALR-00445 · 2026-07-10T19:52:26Z
Description
Multiple failed SSH login attempts detected on WS-LAP-010 from external IP. Dark Web Monitor flagged 47 attempts in 5 minutes targeting user 'h.roberts'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:52:26
Event ingested by SOC365 Engine
19:52:31
EmilyAI triage started — correlation enrichment
19:52:39
EmilyAI confidence: 89% — escalated to human analyst
19:53:11
Alert assigned to analyst: EmilyAI (auto)
19:54:20
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00462 | 9h ago | Brute Force SSH | Medium | False Positive | WS-LAP-011 |
| ALR-00077 | 10h ago | Brute Force SSH | High | Escalated | FW-EDGE-01 |
| ALR-00043 | 1d ago | Unauthorised USB Device | Medium | False Positive | WS-LAP-010 |
| ALR-00236 | 1d ago | Malware Signature Match | Low | Resolved | WS-LAP-010 |
| ALR-00381 | 1d ago | Brute Force SSH | Medium | Investigating | SW-CORE-01 |