Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:01:57 UTC

Brute Force SSH

Low False Positive
ALR-00477 · 2026-05-21T00:47:58Z

Description

Multiple failed SSH login attempts were detected on WS-PC-002 from an external IP. The SOC365 Engine flagged 47 attempts in 5 minutes targeting user 'l.johnson'.

Alert Metadata

Alert ID: ALR-00477
Timestamp: 2026-05-21T00:47:58Z
Severity: Low
Status: False Positive
Detection Source: SOC365 Engine
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-002
User Account: l.johnson
Source IP: 194.55.62.115
Destination IP: 10.0.127.227
Origin Country: India (IN)

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

00:47:58 Event ingested by SOC365 Engine
00:48:01 EmilyAI triage started — correlation enrichment
00:48:07 EmilyAI confidence: 82% — escalated to human analyst
00:48:43 Alert assigned to analyst: EmilyAI (auto)
00:49:07 Investigation started — querying SIEM and threat intelligence
00:57:53 Containment action taken — endpoint isolated
01:02:51 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00485 | 44m ago | Brute Force SSH | Low | False Positive | SRV-SQL-01
ALR-00405 | 2h ago | Brute Force SSH | Medium | Open | WS-PC-006
ALR-00009 | 6h ago | Port Scan Detected | Low | Escalated | WS-PC-002
ALR-00444 | 11h ago | Malware Signature Match | High | Investigating | WS-PC-002
ALR-00175 | 11h ago | Pass-the-Hash Detected | Low | Escalated | WS-PC-002