Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 23:04:02 UTC

Brute Force SSH

Low Investigating
ALR-00485 · 2026-07-09T04:21:41Z

Description

Multiple failed SSH login attempts detected on WS-PC-001 from external IP. Network IDS flagged 47 attempts in 5 minutes targeting user 'k.brown'.

Alert Metadata

Alert ID
ALR-00485
Timestamp
2026-07-09T04:21:41Z
Severity
Low
Status
Investigating
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-001
User Account
k.brown
Source IP
45.170.148.252
Destination IP
10.1.106.104
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Credential Access
Technique
T1110.001
Reference
attack.mitre.org/techniques/T1110.001

Investigation Timeline

04:21:41 Event ingested by SOC365 Engine
04:21:45 EmilyAI triage started — correlation enrichment
04:21:48 EmilyAI confidence: 93% — escalated to human analyst
04:22:26 Alert assigned to analyst: EmilyAI (auto)
04:24:31 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00146 7h ago Malware Signature Match Medium Investigating WS-PC-001
ALR-00450 10h ago Privilege Escalation Attempt Low Investigating WS-PC-001
ALR-00206 10h ago Certificate Anomaly Informational Escalated WS-PC-001
ALR-00396 10h ago Brute Force SSH Medium Escalated FW-EDGE-01
ALR-00059 13h ago Data Exfiltration Attempt Medium Open WS-PC-001