Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Anomalous DNS Query

Medium Resolved
ALR-00037 · 2026-05-24T13:40:20Z

Description

DNS query to known DGA-generated domain from SRV-DC-01. DLP Module matched pattern against threat intelligence feed. User: system.

Alert Metadata

Alert ID
ALR-00037
Timestamp
2026-05-24T13:40:20Z
Severity
Medium
Status
Resolved
Detection Source
DLP Module
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
SRV-DC-01
User Account
system
Source IP
45.163.148.37
Destination IP
10.2.223.140
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

13:40:20 Event ingested by SOC365 Engine
13:40:24 EmilyAI triage started — correlation enrichment
13:40:27 EmilyAI confidence: 88% — escalated to human analyst
13:40:36 Alert assigned to analyst: Sarah Chen
13:42:30 Investigation started — querying SIEM and threat intelligence
13:46:39 Containment action taken — endpoint isolated
13:51:11 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                   Severity  Status          Host
ALR-00358  1h ago   Anomalous DNS Query     Low       Escalated       SRV-BACKUP-01
ALR-00030  4h ago   Anomalous DNS Query     High      Investigating   SRV-FILE-01
ALR-00191  10h ago  Pass-the-Hash Detected  Medium    False Positive  SRV-DC-01
ALR-00460  15h ago  Anomalous DNS Query     Medium    Resolved        SRV-BACKUP-01
ALR-00271  1d ago   Failed MFA Challenge    Low       Investigating   SRV-DC-01