Anomalous DNS Query
High
Investigating
ALR-00030 · 2026-05-27T11:04:59Z
Description
DNS query to known DGA-generated domain from SRV-FILE-01. DLP Module matched pattern against threat intelligence feed. User: p.thomas.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:04:59
Event ingested by SOC365 Engine
11:05:03
EmilyAI triage started — correlation enrichment
11:05:14
EmilyAI confidence: 90% — escalated to human analyst
11:05:31
Alert assigned to analyst: Emma Richardson
11:05:56
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00358 | 1h ago | Anomalous DNS Query | Low | Escalated | SRV-BACKUP-01 |
| ALR-00128 | 2h ago | Privilege Escalation Attempt | Low | Open | SRV-FILE-01 |
| ALR-00207 | 13h ago | Suspicious PowerShell Execution | Informational | False Positive | SRV-FILE-01 |
| ALR-00315 | 15h ago | Port Scan Detected | Medium | Open | SRV-FILE-01 |
| ALR-00460 | 15h ago | Anomalous DNS Query | Medium | Resolved | SRV-BACKUP-01 |