Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:54:15 UTC

Anomalous DNS Query

Low Investigating
ALR-00075 · 2026-05-24T16:23:17Z

Description

DNS query to known DGA-generated domain from SRV-FILE-01. DLP Module matched pattern against threat intelligence feed. User: a.wilson.

Alert Metadata

Alert ID: ALR-00075
Timestamp: 2026-05-24T16:23:17Z
Severity: Low
Status: Investigating
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-FILE-01
User Account: a.wilson
Source IP: 103.27.216.32
Destination IP: 10.1.121.5
Origin Country: France (FR)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1568.002
Reference: attack.mitre.org/techniques/T1568.002

Investigation Timeline

16:23:17 Event ingested by SOC365 Engine
16:23:19 EmilyAI triage started — correlation enrichment
16:23:32 EmilyAI confidence: 79% — escalated to human analyst
16:23:47 Alert assigned to analyst: EmilyAI (auto)
16:24:32 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00358 | 1h ago | Anomalous DNS Query | Low | Escalated | SRV-BACKUP-01
ALR-00128 | 2h ago | Privilege Escalation Attempt | Low | Open | SRV-FILE-01
ALR-00030 | 4h ago | Anomalous DNS Query | High | Investigating | SRV-FILE-01
ALR-00207 | 13h ago | Suspicious PowerShell Execution | Informational | False Positive | SRV-FILE-01
ALR-00315 | 15h ago | Port Scan Detected | Medium | Open | SRV-FILE-01