Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:55:09 UTC

C2 Beacon Activity

Medium · False Positive
ALR-00070 · 2026-04-12T09:09:50Z

Description

Suspected C2 beacon detected from WS-PC-002. Regular 60-second interval HTTPS POST to suspicious domain. Firewall blocked outbound.

Alert Metadata

Alert ID: ALR-00070
Timestamp: 2026-04-12T09:09:50Z
Severity: Medium
Status: False Positive
Detection Source: Firewall
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-PC-002
User Account: d.walker
Source IP: 91.124.195.111
Destination IP: 10.2.208.146
Origin Country: Vietnam (VN)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

09:09:50 Event ingested by SOC365 Engine
09:09:51 EmilyAI triage started — correlation enrichment
09:09:55 EmilyAI confidence: 79% — escalated to human analyst
09:10:26 Alert assigned to analyst: Marcus Webb
09:11:20 Investigation started — querying SIEM and threat intelligence
09:16:04 Containment action taken — endpoint isolated
09:24:21 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00165 | 10h ago | Lateral Movement Detected | Informational | False Positive | WS-PC-002
ALR-00108 | 19h ago | Anomalous DNS Query | Low | Open | WS-PC-002
ALR-00400 | 1d ago | C2 Beacon Activity | Low | False Positive | WS-LAP-011
ALR-00153 | 1d ago | C2 Beacon Activity | Informational | Investigating | WS-PC-004
ALR-00091 | 1d ago | C2 Beacon Activity | Low | Investigating | WS-LAP-010