Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Anomalous DNS Query

Medium · False Positive
ALR-00051 · 2026-05-22T20:04:24Z

Description

DNS query to known DGA-generated domain from SRV-BACKUP-01. SOC365 Engine matched pattern against threat intelligence feed. User: r.davies.

Alert Metadata

Alert ID: ALR-00051
Timestamp: 2026-05-22T20:04:24Z
Severity: Medium
Status: False Positive
Detection Source: SOC365 Engine
Assigned Analyst: Sarah Chen

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: r.davies
Source IP: 103.185.216.170
Destination IP: 10.3.152.198
Origin Country: France (FR)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1568.002
Reference: attack.mitre.org/techniques/T1568.002

Investigation Timeline

20:04:24 Event ingested by SOC365 Engine
20:04:29 EmilyAI triage started — correlation enrichment
20:04:31 EmilyAI confidence: 86% — escalated to human analyst
20:04:54 Alert assigned to analyst: Sarah Chen
20:06:50 Investigation started — querying SIEM and threat intelligence
20:10:25 Containment action taken — endpoint isolated
20:14:46 Alert resolved — remediation complete

Related Alerts

ID        | Time    | Alert                       | Severity      | Status         | Host
ALR-00046 | 2h ago  | Anomalous DNS Query         | Medium        | Escalated      | SRV-WEB-01
ALR-00030 | 4h ago  | Anomalous DNS Query         | Low           | False Positive | WS-LAP-011
ALR-00294 | 18h ago | Anomalous DNS Query         | Informational | Investigating  | SW-CORE-01
ALR-00363 | 18h ago | Brute Force SSH             | Low           | Resolved       | SRV-BACKUP-01
ALR-00347 | 22h ago | Credential Stuffing Attempt | Low           | Resolved       | SRV-BACKUP-01