Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:42:06 UTC

Anomalous DNS Query

Medium Escalated
ALR-00059 · 2026-07-08T11:00:41Z

Description

DNS query to known DGA-generated domain from AP-WIFI-03. EmilyAI Triage matched pattern against threat intelligence feed. User: f.hall.

Alert Metadata

Alert ID
ALR-00059
Timestamp
2026-07-08T11:00:41Z
Severity
Medium
Status
Escalated
Detection Source
EmilyAI Triage
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
AP-WIFI-03
User Account
f.hall
Source IP
103.25.216.51
Destination IP
10.3.201.154
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

11:00:41 Event ingested by SOC365 Engine
11:00:44 EmilyAI triage started — correlation enrichment
11:00:50 EmilyAI confidence: 84% — escalated to human analyst
11:01:14 Alert assigned to analyst: Sarah Chen
11:02:29 Investigation started — querying SIEM and threat intelligence
11:03:56 Containment action taken — endpoint isolated
11:19:13 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00168 8h ago Privilege Escalation Attempt Low Open AP-WIFI-03
ALR-00227 20h ago Ransomware Behaviour Detected Informational Investigating AP-WIFI-03
ALR-00016 21h ago DLP Policy Violation Informational Escalated AP-WIFI-03
ALR-00131 1d ago Suspicious Scheduled Task Medium Escalated AP-WIFI-03
ALR-00431 1d ago Insider Threat Indicator Informational Investigating AP-WIFI-03