Anomalous DNS Query
Critical
Escalated
ALR-00138 · 2026-07-07T22:32:21Z
Description
DNS query to known DGA-generated domain from VM-DEV-01. Cloud Connector matched pattern against threat intelligence feed. User: f.hall.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:32:21
Event ingested by SOC365 Engine
22:32:26
EmilyAI triage started — correlation enrichment
22:32:35
EmilyAI confidence: 92% — escalated to human analyst
22:32:57
Alert assigned to analyst: Marcus Webb
22:34:55
Investigation started — querying SIEM and threat intelligence
22:41:14
Containment action taken — endpoint isolated
22:46:07
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00222 | 15m ago | Anomalous DNS Query | Medium | Investigating | WS-LAP-012 |
| ALR-00062 | 4h ago | Anomalous DNS Query | Informational | Resolved | WS-LAP-011 |
| ALR-00473 | 5h ago | Anomalous DNS Query | Low | Investigating | SRV-SQL-01 |
| ALR-00404 | 8h ago | Anomalous DNS Query | Low | False Positive | WS-MAC-005 |
| ALR-00336 | 9h ago | Anomalous DNS Query | Medium | Escalated | WS-MAC-005 |