Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:55:00 UTC

C2 Beacon Activity

High · Escalated
ALR-00066 · 2026-05-22T08:07:25Z

Description

Suspected C2 beacon detected from SRV-SQL-01: regular HTTPS POST requests at a 60-second interval to a suspicious domain. Attack Surface Scanner blocked the outbound traffic.

Alert Metadata

Alert ID: ALR-00066
Timestamp: 2026-05-22T08:07:25Z
Severity: High
Status: Escalated
Detection Source: Attack Surface Scanner
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-SQL-01
User Account: e.evans
Source IP: 103.162.216.177
Destination IP: 10.0.83.145
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

08:07:25 Event ingested by SOC365 Engine
08:07:28 EmilyAI triage started — correlation enrichment
08:07:36 EmilyAI confidence: 86% — escalated to human analyst
08:07:50 Alert assigned to analyst: Marcus Webb
08:09:17 Investigation started — querying SIEM and threat intelligence
08:12:55 Containment action taken — endpoint isolated
08:18:32 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                     Severity  Status          Host
ALR-00223  2h ago   C2 Beacon Activity        Medium    False Positive  SRV-SQL-01
ALR-00303  5h ago   C2 Beacon Activity        Low       Resolved        SRV-DC-01
ALR-00005  9h ago   C2 Beacon Activity        High      Investigating   WS-PC-006
ALR-00079  10h ago  Kerberoasting Attempt     High      Investigating   SRV-SQL-01
ALR-00327  15h ago  Insider Threat Indicator  Low       Resolved        SRV-SQL-01