Anomalous DNS Query
Medium
Escalated
ALR-00074 · 2026-07-05T04:02:21Z
Description
DNS query to known DGA-generated domain from WS-LAP-010. Network IDS matched pattern against threat intelligence feed. User: r.davies.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:02:21
Event ingested by SOC365 Engine
04:02:24
EmilyAI triage started — correlation enrichment
04:02:27
EmilyAI confidence: 83% — escalated to human analyst
04:03:01
Alert assigned to analyst: Anika Patel
04:03:12
Investigation started — querying SIEM and threat intelligence
04:10:30
Containment action taken — endpoint isolated
04:15:28
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00079 | 6m ago | Tor Exit Node Connection | Informational | Resolved | WS-LAP-010 |
| ALR-00454 | 39m ago | Credential Stuffing Attempt | High | Investigating | WS-LAP-010 |
| ALR-00253 | 2h ago | Anomalous DNS Query | Low | Open | WS-LAP-012 |
| ALR-00166 | 3h ago | Pass-the-Hash Detected | Low | Resolved | WS-LAP-010 |
| ALR-00413 | 4h ago | Shadow IT Discovery | Low | Investigating | WS-LAP-010 |