Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Anomalous DNS Query

Severity: High · Status: Investigating
ALR-00030 · 2026-05-27T11:04:59Z

Description

DNS query to known DGA-generated domain from SRV-FILE-01. DLP Module matched pattern against threat intelligence feed. User: p.thomas.

Alert Metadata

Alert ID: ALR-00030
Timestamp: 2026-05-27T11:04:59Z
Severity: High
Status: Investigating
Detection Source: DLP Module
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: SRV-FILE-01
User Account: p.thomas
Source IP: 103.94.216.81
Destination IP: 10.2.216.173
Origin Country: UA (Ukraine)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1568.002
Reference: attack.mitre.org/techniques/T1568.002

Investigation Timeline

11:04:59 Event ingested by SOC365 Engine
11:05:03 EmilyAI triage started — correlation enrichment
11:05:14 EmilyAI confidence: 90% — escalated to human analyst
11:05:31 Alert assigned to analyst: Emma Richardson
11:05:56 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID        | Time    | Alert                           | Severity      | Status         | Host
ALR-00358 | 1h ago  | Anomalous DNS Query             | Low           | Escalated      | SRV-BACKUP-01
ALR-00128 | 2h ago  | Privilege Escalation Attempt    | Low           | Open           | SRV-FILE-01
ALR-00207 | 13h ago | Suspicious PowerShell Execution | Informational | False Positive | SRV-FILE-01
ALR-00315 | 15h ago | Port Scan Detected              | Medium        | Open           | SRV-FILE-01
ALR-00460 | 15h ago | Anomalous DNS Query             | Medium        | Resolved       | SRV-BACKUP-01