Brute Force SSH
Low
Open
ALR-00455 · 2026-07-06T00:28:10Z
Description
Multiple failed SSH login attempts detected on WS-LAP-010 from external IP. Endpoint Agent flagged 47 attempts in 5 minutes targeting user 's.jones'.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:28:10
Event ingested by SOC365 Engine
00:28:14
EmilyAI triage started — correlation enrichment
00:28:16
EmilyAI confidence: 86% — escalated to human analyst
00:28:26
Alert assigned to analyst: EmilyAI (auto)
00:29:53
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00124 | 1h ago | Brute Force SSH | Informational | False Positive | WS-LAP-011 |
| ALR-00060 | 4h ago | DecoyPulse Honeypot Triggered | Low | False Positive | WS-LAP-010 |
| ALR-00115 | 9h ago | Port Scan Detected | Medium | Escalated | WS-LAP-010 |
| ALR-00315 | 18h ago | DLP Policy Violation | Low | Escalated | WS-LAP-010 |
| ALR-00407 | 18h ago | Shadow IT Discovery | Informational | False Positive | WS-LAP-010 |