Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:25:28 UTC

C2 Beacon Activity

Informational Open
ALR-00158 · 2026-04-09T07:42:50Z

Description

Suspected C2 beacon detected from WS-PC-003. Regular 60-second interval HTTPS POST to suspicious domain. Cloud Connector blocked outbound.

Alert Metadata

Alert ID: ALR-00158
Timestamp: 2026-04-09T07:42:50Z
Severity: Informational
Status: Open
Detection Source: Cloud Connector
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-003
User Account: l.johnson
Source IP: 91.115.195.196
Destination IP: 10.3.229.235
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

07:42:50 Event ingested by SOC365 Engine
07:42:52 EmilyAI triage started — correlation enrichment
07:43:05 EmilyAI confidence: 96% — escalated to human analyst
07:43:16 Alert assigned to analyst: EmilyAI (auto)
07:45:44 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00285 | 2h ago | Tor Exit Node Connection | Low | Escalated | WS-PC-003
ALR-00077 | 3h ago | C2 Beacon Activity | Medium | Open | WS-PC-002
ALR-00328 | 4h ago | C2 Beacon Activity | Low | Investigating | WS-PC-002
ALR-00067 | 7h ago | Data Exfiltration Attempt | Informational | Investigating | WS-PC-003
ALR-00344 | 18h ago | Ransomware Behaviour Detected | Informational | Open | WS-PC-003