Brute Force SSH

High Open

ALR-00479 · 2026-05-22T23:34:11Z

Description

Multiple failed SSH login attempts detected on WS-MAC-005 from external IP. Attack Surface Scanner flagged 47 attempts in 5 minutes targeting user 'd.walker'.

Alert Metadata

Alert ID: ALR-00479
Timestamp: 2026-05-22T23:34:11Z
Severity: High
Status: Open
Detection Source: Attack Surface Scanner
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: WS-MAC-005
User Account: d.walker
Source IP: 103.108.216.148
Destination IP: 10.0.119.170
Origin Country: NL Netherlands

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

23:34:11 Event ingested by SOC365 Engine

23:34:15 EmilyAI triage started — correlation enrichment

23:34:16 EmilyAI confidence: 87% — escalated to human analyst

23:34:55 Alert assigned to analyst: Sarah Chen

23:36:13 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID	Time	Alert	Severity	Status	Host
ALR-00206	21m ago	Brute Force SSH	Medium	Open	FW-EDGE-01
ALR-00151	3h ago	Anomalous DNS Query	Low	False Positive	WS-MAC-005
ALR-00478	6h ago	Failed MFA Challenge	Critical	Escalated	WS-MAC-005
ALR-00041	9h ago	Brute Force SSH	Informational	Resolved	SRV-FILE-01
ALR-00142	19h ago	Suspicious Scheduled Task	Low	Open	WS-MAC-005