Anomalous DNS Query
Medium
Escalated
ALR-00059 · 2026-07-08T11:00:41Z
Description
DNS query to known DGA-generated domain from AP-WIFI-03. EmilyAI Triage matched pattern against threat intelligence feed. User: f.hall.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:00:41
Event ingested by SOC365 Engine
11:00:44
EmilyAI triage started — correlation enrichment
11:00:50
EmilyAI confidence: 84% — escalated to human analyst
11:01:14
Alert assigned to analyst: Sarah Chen
11:02:29
Investigation started — querying SIEM and threat intelligence
11:03:56
Containment action taken — endpoint isolated
11:19:13
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00168 | 8h ago | Privilege Escalation Attempt | Low | Open | AP-WIFI-03 |
| ALR-00227 | 20h ago | Ransomware Behaviour Detected | Informational | Investigating | AP-WIFI-03 |
| ALR-00016 | 21h ago | DLP Policy Violation | Informational | Escalated | AP-WIFI-03 |
| ALR-00131 | 1d ago | Suspicious Scheduled Task | Medium | Escalated | AP-WIFI-03 |
| ALR-00431 | 1d ago | Insider Threat Indicator | Informational | Investigating | AP-WIFI-03 |