C2 Beacon Activity
Critical
Open
ALR-00164 · 2026-07-11T10:22:13Z
Description
Suspected C2 beacon detected from WS-PC-004. Regular 60-second interval HTTPS POST to suspicious domain. Attack Surface Scanner blocked outbound.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
10:22:13
Event ingested by SOC365 Engine
10:22:14
EmilyAI triage started — correlation enrichment
10:22:25
EmilyAI confidence: 89% — escalated to human analyst
10:22:29
Alert assigned to analyst: James Okonkwo
10:24:42
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00455 | 9h ago | Anomalous DNS Query | Low | Escalated | WS-PC-004 |
| ALR-00145 | 9h ago | Lateral Movement Detected | Low | Escalated | WS-PC-004 |
| ALR-00463 | 10h ago | C2 Beacon Activity | High | Open | SRV-SQL-01 |
| ALR-00450 | 14h ago | C2 Beacon Activity | High | Escalated | SRV-WEB-01 |
| ALR-00185 | 20h ago | Port Scan Detected | Low | Escalated | WS-PC-004 |