Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:45:30 UTC

Anomalous DNS Query

Medium Escalated
ALR-00106 · 2026-07-09T05:19:30Z

Description

DNS query to known DGA-generated domain from WS-PC-006. Network IDS matched pattern against threat intelligence feed. User: a.wilson.

Alert Metadata

Alert ID
ALR-00106
Timestamp
2026-07-09T05:19:30Z
Severity
Medium
Status
Escalated
Detection Source
Network IDS
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
WS-PC-006
User Account
a.wilson
Source IP
91.185.195.186
Destination IP
10.1.232.28
Origin Country
RO Romania

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

05:19:30 Event ingested by SOC365 Engine
05:19:31 EmilyAI triage started — correlation enrichment
05:19:35 EmilyAI confidence: 93% — escalated to human analyst
05:19:52 Alert assigned to analyst: Emma Richardson
05:21:17 Investigation started — querying SIEM and threat intelligence
05:25:15 Containment action taken — endpoint isolated
05:35:27 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00170 50m ago Lateral Movement Detected Informational False Positive WS-PC-006
ALR-00487 7h ago Certificate Anomaly Low Escalated WS-PC-006
ALR-00050 11h ago Anomalous DNS Query Low False Positive WS-LAP-012
ALR-00040 11h ago Insider Threat Indicator Low False Positive WS-PC-006
ALR-00380 1d ago Anomalous DNS Query Low Open WS-PC-001