Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Anomalous DNS Query

Severity: Low · Status: Resolved
ALR-00143 · 2026-04-08T07:10:35Z

Description

DNS query to known DGA-generated domain from SRV-APP-01. SOC365 Engine matched pattern against threat intelligence feed. User: a.wilson.

Alert Metadata

Alert ID: ALR-00143
Timestamp: 2026-04-08T07:10:35Z
Severity: Low
Status: Resolved
Detection Source: SOC365 Engine
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-APP-01
User Account: a.wilson
Source IP: 45.79.148.30
Destination IP: 10.0.20.58
Origin Country: RU (Russia)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1568.002
Reference: attack.mitre.org/techniques/T1568.002

Investigation Timeline

07:10:35 Event ingested by SOC365 Engine
07:10:36 EmilyAI triage started — correlation enrichment
07:10:41 EmilyAI confidence: 91% — escalated to human analyst
07:10:50 Alert assigned to analyst: EmilyAI (auto)
07:11:52 Investigation started — querying SIEM and threat intelligence
07:14:47 Containment action taken — endpoint isolated
07:29:30 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity       Status    Host
ALR-00114  3h ago   Suspicious Scheduled Task  Informational  Resolved  SRV-APP-01
ALR-00239  9h ago   Anomalous DNS Query        Low            Open      SW-CORE-01
ALR-00273  9h ago   Anomalous DNS Query        Low            Open      SRV-FILE-01
ALR-00363  13h ago  Anomalous DNS Query        Informational  Resolved  WS-PC-006
ALR-00080  13h ago  Anomalous DNS Query        Informational  Open      WS-PC-001