Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:05:30 UTC

C2 Beacon Activity

Severity: Medium · Status: Open
ALR-00120 · 2026-05-21T11:12:49Z

Description

Suspected C2 beacon detected from WS-MAC-005: HTTPS POST requests to a suspicious domain at a regular 60-second interval. Cloud Connector blocked the outbound traffic.

Alert Metadata

Alert ID: ALR-00120
Timestamp: 2026-05-21T11:12:49Z
Severity: Medium
Status: Open
Detection Source: Cloud Connector
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-MAC-005
User Account: system
Source IP: 45.76.148.225
Destination IP: 10.0.83.50
Origin Country: United States (US)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

11:12:49 Event ingested by SOC365 Engine
11:12:50 EmilyAI triage started — correlation enrichment
11:12:56 EmilyAI confidence: 92% — escalated to human analyst
11:13:15 Alert assigned to analyst: James Okonkwo
11:14:57 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                      Severity  Status          Host
ALR-00151  3h ago   Anomalous DNS Query        Low       False Positive  WS-MAC-005
ALR-00478  6h ago   Failed MFA Challenge       Critical  Escalated       WS-MAC-005
ALR-00142  19h ago  Suspicious Scheduled Task  Low       Open            WS-MAC-005
ALR-00196  21h ago  DLP Policy Violation       Low       Investigating   WS-MAC-005
ALR-00266  23h ago  Unusual Outbound Traffic   Medium    Resolved        WS-MAC-005