SOC Monitoring · AI-Assisted Investigation

ENYRAX SOC

From raw alerts to correlated incidents, attack timeline, MITRE mapping and AI-generated response recommendations.

Open Incidents: 12 (3 critical / 5 high / 4 medium)
Correlated Alerts: 428 (grouped by IP, host and behavior)
AI Confidence: 91% (evidence-backed decision output)
MITRE Coverage: 7 techniques mapped in demo data

Hot Incidents

Suspicious SSH Brute Force Pattern (CRITICAL)
Source IP: 185.220.101.42 · Target: web-portal-01 · Duplicate Count: 36
Analysis Type: failed_login_cluster · MITRE: T1110 Brute Force

Privilege Escalation After Successful Login (HIGH)
User: svc-backup · Host: infra-node-03 · Sequence: login → sudo → config access
Analysis Type: attack_story · MITRE: T1068 Privilege Escalation

Wazuh Agent Disconnected and Reconnected (MEDIUM)
Agent: endpoint-07 · Status changed during suspicious activity window
Analysis Type: agent_state_change · MITRE: Defense Evasion Review

Attack Timeline

07:02 · Multiple failed SSH login attempts from external IP.
07:04 · Successful login detected after repeated failures.
07:05 · Sudo command executed by newly authenticated session.
07:06 · Agent heartbeat interruption observed on target host.

AI Decision Summary

The event chain suggests a potential credential-based intrusion followed by privilege escalation. Confidence is high because login failures, successful authentication and sudo execution occurred within the same short time window.

1. Temporarily block source IP at firewall layer.
2. Review successful login session and related commands.
3. Force password rotation for affected user account.
4. Preserve logs for incident timeline reconstruction.
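The correlation the timeline and decision summary describe (a failed-login cluster, then a successful login from the same source, then sudo by that user, then an agent heartbeat gap, all inside one window) as an added Python example; this is not ENYRAX code, and the event schema, thresholds and sample telemetry are assumptions constructed for the demo.

```python
from collections import Counter
from datetime import datetime, timedelta

FAIL_THRESHOLD = 10             # failed logins from one source that form a cluster
WINDOW = timedelta(minutes=10)  # the whole login -> sudo chain must fit in this window

def _t(e):
    return datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%S")

def build_attack_stories(events, fail_threshold=FAIL_THRESHOLD, window=WINDOW):
    """Per host: find source IPs with a failed-login cluster, then walk that host's
    events in order: cluster -> login from that IP -> sudo by that user -> agent gap."""
    by_host = {}
    for e in sorted(events, key=_t):
        by_host.setdefault(e["host"], []).append(e)
    incidents = []
    for host, evs in by_host.items():
        fails = Counter(e["src_ip"] for e in evs if e["type"] == "ssh_failed")
        for src_ip, n in fails.items():
            if n < fail_threshold:
                continue
            start = _t(next(e for e in evs if e["type"] == "ssh_failed" and e["src_ip"] == src_ip))
            inc = {"host": host, "src_ip": src_ip, "failures": n, "user": None,
                   "stage": "cluster", "severity": "HIGH", "techniques": ["T1110"],
                   "analysis_type": "failed_login_cluster", "flags": []}
            for e in evs:
                if not start <= _t(e) <= start + window:
                    continue  # outside the correlation window
                if inc["stage"] == "cluster" and e["type"] == "ssh_success" and e["src_ip"] == src_ip:
                    inc.update(stage="logged_in", severity="CRITICAL", user=e["user"])
                elif inc["stage"] == "logged_in" and e["type"] == "sudo" and e["user"] == inc["user"]:
                    inc.update(stage="escalated", analysis_type="attack_story")
                    inc["techniques"].append("T1068")  # mapping used on the page
                elif inc["stage"] != "cluster" and e["type"] == "agent_state_change":
                    inc["flags"].append("agent_state_change")  # heartbeat gap after login
            incidents.append(inc)
    return incidents

# Constructed sample telemetry mirroring the timeline above (not real log data).
SAMPLE = (
    [{"ts": f"2024-01-01T07:02:{s:02d}", "type": "ssh_failed", "host": "web-portal-01",
      "src_ip": "185.220.101.42", "user": "svc-backup"} for s in range(36)]
    + [{"ts": "2024-01-01T07:04:12", "type": "ssh_success", "host": "web-portal-01",
        "src_ip": "185.220.101.42", "user": "svc-backup"},
       {"ts": "2024-01-01T07:05:03", "type": "sudo", "host": "web-portal-01",
        "user": "svc-backup"},
       {"ts": "2024-01-01T07:06:40", "type": "agent_state_change", "host": "web-portal-01",
        "agent": "endpoint-07"}]
)
```

Removing the sudo event from SAMPLE leaves the story at the logged_in stage with only T1110 mapped, which is the case where the analyst review in step 2 above matters most.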