C2 Beacon Activity
Low
Investigating
ALR-00049 · 2026-07-08T22:26:51Z
Description
Suspected C2 beacon detected from WS-PC-001. Regular 60-second interval HTTPS POST to suspicious domain. Firewall blocked outbound.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:26:51
Event ingested by SOC365 Engine
22:26:54
EmilyAI triage started — correlation enrichment
22:27:03
EmilyAI confidence: 97% — escalated to human analyst
22:27:06
Alert assigned to analyst: EmilyAI (auto)
22:28:59
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00485 | 10h ago | C2 Beacon Activity | Medium | Resolved | SRV-DC-01 |
| ALR-00115 | 11h ago | Failed MFA Challenge | Low | Resolved | WS-PC-001 |
| ALR-00176 | 14h ago | C2 Beacon Activity | Low | Investigating | VM-DEV-01 |
| ALR-00490 | 17h ago | C2 Beacon Activity | High | Investigating | SRV-SQL-01 |
| ALR-00238 | 1d ago | C2 Beacon Activity | Low | Open | WS-LAP-011 |