Anomalous DNS Query
High
Investigating
ALR-00105 · 2026-07-09T00:39:17Z
Description
DNS query to known DGA-generated domain from WS-LAP-011. Firewall matched pattern against threat intelligence feed. User: a.wilson.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:39:17
Event ingested by SOC365 Engine
00:39:19
EmilyAI triage started — correlation enrichment
00:39:24
EmilyAI confidence: 90% — escalated to human analyst
00:39:54
Alert assigned to analyst: James Okonkwo
00:40:51
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00244 | 1h ago | Data Exfiltration Attempt | Low | Escalated | WS-LAP-011 |
| ALR-00304 | 11h ago | Anomalous DNS Query | Low | False Positive | VM-DEV-01 |
| ALR-00296 | 14h ago | Privilege Escalation Attempt | Medium | False Positive | WS-LAP-011 |
| ALR-00190 | 17h ago | Privilege Escalation Attempt | Medium | Open | WS-LAP-011 |
| ALR-00048 | 18h ago | Lateral Movement Detected | Informational | False Positive | WS-LAP-011 |