Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:41:23 UTC

Anomalous DNS Query

Medium Escalated
ALR-00074 · 2026-07-05T04:02:21Z

Description

DNS query to known DGA-generated domain from WS-LAP-010. Network IDS matched pattern against threat intelligence feed. User: r.davies.

Alert Metadata

Alert ID
ALR-00074
Timestamp
2026-07-05T04:02:21Z
Severity
Medium
Status
Escalated
Detection Source
Network IDS
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
WS-LAP-010
User Account
r.davies
Source IP
194.105.62.149
Destination IP
10.3.222.1
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

04:02:21 Event ingested by SOC365 Engine
04:02:24 EmilyAI triage started — correlation enrichment
04:02:27 EmilyAI confidence: 83% — escalated to human analyst
04:03:01 Alert assigned to analyst: Anika Patel
04:03:12 Investigation started — querying SIEM and threat intelligence
04:10:30 Containment action taken — endpoint isolated
04:15:28 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00079 6m ago Tor Exit Node Connection Informational Resolved WS-LAP-010
ALR-00454 39m ago Credential Stuffing Attempt High Investigating WS-LAP-010
ALR-00253 2h ago Anomalous DNS Query Low Open WS-LAP-012
ALR-00166 3h ago Pass-the-Hash Detected Low Resolved WS-LAP-010
ALR-00413 4h ago Shadow IT Discovery Low Investigating WS-LAP-010