Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Brute Force SSH

Low · Resolved
ALR-00467 · 2026-05-21T20:47:06Z

Description

Multiple failed SSH login attempts detected on SRV-APP-01 from external IP. EmilyAI Triage flagged 47 attempts in 5 minutes targeting user 'm.taylor'.

Alert Metadata

Alert ID: ALR-00467
Timestamp: 2026-05-21T20:47:06Z
Severity: Low
Status: Resolved
Detection Source: EmilyAI Triage
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-APP-01
User Account: m.taylor
Source IP: 45.78.148.88
Destination IP: 10.1.199.90
Origin Country: Brazil (BR)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

20:47:06 Event ingested by SOC365 Engine
20:47:08 EmilyAI triage started — correlation enrichment
20:47:12 EmilyAI confidence: 94% — escalated to human analyst
20:47:29 Alert assigned to analyst: EmilyAI (auto)
20:49:44 Investigation started — querying SIEM and threat intelligence
20:56:56 Containment action taken — endpoint isolated
20:59:34 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00410 | 10h ago | Brute Force SSH | Low | Escalated | SRV-DC-01
ALR-00079 | 15h ago | Unauthorised USB Device | Low | Investigating | SRV-APP-01
ALR-00224 | 18h ago | Credential Stuffing Attempt | Low | Resolved | SRV-APP-01
ALR-00125 | 1d ago | Failed MFA Challenge | Critical | Open | SRV-APP-01
ALR-00315 | 1d ago | Rogue DHCP Server | Informational | Investigating | SRV-APP-01