Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:44:06 UTC

Anomalous DNS Query

Critical Escalated
ALR-00138 · 2026-07-07T22:32:21Z

Description

DNS query to known DGA-generated domain from VM-DEV-01. Cloud Connector matched pattern against threat intelligence feed. User: f.hall.

Alert Metadata

Alert ID
ALR-00138
Timestamp
2026-07-07T22:32:21Z
Severity
Critical
Status
Escalated
Detection Source
Cloud Connector
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
VM-DEV-01
User Account
f.hall
Source IP
103.60.216.210
Destination IP
10.0.222.128
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

22:32:21 Event ingested by SOC365 Engine
22:32:26 EmilyAI triage started — correlation enrichment
22:32:35 EmilyAI confidence: 92% — escalated to human analyst
22:32:57 Alert assigned to analyst: Marcus Webb
22:34:55 Investigation started — querying SIEM and threat intelligence
22:41:14 Containment action taken — endpoint isolated
22:46:07 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00222 15m ago Anomalous DNS Query Medium Investigating WS-LAP-012
ALR-00062 4h ago Anomalous DNS Query Informational Resolved WS-LAP-011
ALR-00473 5h ago Anomalous DNS Query Low Investigating SRV-SQL-01
ALR-00404 8h ago Anomalous DNS Query Low False Positive WS-MAC-005
ALR-00336 9h ago Anomalous DNS Query Medium Escalated WS-MAC-005