Anomalous DNS Query
Medium
Escalated
ALR-00106 · 2026-07-09T05:19:30Z
Description
DNS query to known DGA-generated domain from WS-PC-006. Network IDS matched pattern against threat intelligence feed. User: a.wilson.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
05:19:30
Event ingested by SOC365 Engine
05:19:31
EmilyAI triage started — correlation enrichment
05:19:35
EmilyAI confidence: 93% — escalated to human analyst
05:19:52
Alert assigned to analyst: Emma Richardson
05:21:17
Investigation started — querying SIEM and threat intelligence
05:25:15
Containment action taken — endpoint isolated
05:35:27
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00170 | 50m ago | Lateral Movement Detected | Informational | False Positive | WS-PC-006 |
| ALR-00487 | 7h ago | Certificate Anomaly | Low | Escalated | WS-PC-006 |
| ALR-00050 | 11h ago | Anomalous DNS Query | Low | False Positive | WS-LAP-012 |
| ALR-00040 | 11h ago | Insider Threat Indicator | Low | False Positive | WS-PC-006 |
| ALR-00380 | 1d ago | Anomalous DNS Query | Low | Open | WS-PC-001 |