Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:08:54 UTC

Brute Force SSH

Low Escalated
ALR-00491 · 2026-05-21T07:45:16Z

Description

Multiple failed SSH login attempts detected on SRV-BACKUP-01 from an external IP. Email Gateway flagged 47 attempts in 5 minutes targeting user 'h.roberts'.

Alert Metadata

Alert ID: ALR-00491
Timestamp: 2026-05-21T07:45:16Z
Severity: Low
Status: Escalated
Detection Source: Email Gateway
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: h.roberts
Source IP: 45.230.148.138
Destination IP: 10.0.184.105
Origin Country: GB United Kingdom

MITRE ATT&CK Mapping

Tactic: Credential Access
Technique: T1110.001
Reference: attack.mitre.org/techniques/T1110.001

Investigation Timeline

07:45:16 Event ingested by SOC365 Engine
07:45:18 EmilyAI triage started — correlation enrichment
07:45:28 EmilyAI confidence: 88% — escalated to human analyst
07:45:49 Alert assigned to analyst: EmilyAI (auto)
07:46:41 Investigation started — querying SIEM and threat intelligence
07:54:37 Containment action taken — endpoint isolated
07:57:42 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00066 | 4h ago | Certificate Anomaly | Low | Escalated | SRV-BACKUP-01
ALR-00160 | 7h ago | Brute Force SSH | Medium | Resolved | WS-PC-006
ALR-00236 | 8h ago | DecoyPulse Honeypot Triggered | Low | False Positive | SRV-BACKUP-01
ALR-00013 | 11h ago | Brute Force SSH | Low | Escalated | AP-WIFI-03
ALR-00305 | 13h ago | Brute Force SSH | Low | Escalated | SRV-BACKUP-01