Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:31 UTC

C2 Beacon Activity

Critical Open
ALR-00164 · 2026-07-11T10:22:13Z

Description

Suspected C2 beacon detected from WS-PC-004. Regular 60-second interval HTTPS POST to suspicious domain. Attack Surface Scanner blocked outbound.

Alert Metadata

Alert ID
ALR-00164
Timestamp
2026-07-11T10:22:13Z
Severity
Critical
Status
Open
Detection Source
Attack Surface Scanner
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-PC-004
User Account
j.smith
Source IP
103.66.216.216
Destination IP
10.1.85.23
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1071.001
Reference
attack.mitre.org/techniques/T1071.001

Investigation Timeline

10:22:13 Event ingested by SOC365 Engine
10:22:14 EmilyAI triage started — correlation enrichment
10:22:25 EmilyAI confidence: 89% — escalated to human analyst
10:22:29 Alert assigned to analyst: James Okonkwo
10:24:42 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00455 9h ago Anomalous DNS Query Low Escalated WS-PC-004
ALR-00145 9h ago Lateral Movement Detected Low Escalated WS-PC-004
ALR-00463 10h ago C2 Beacon Activity High Open SRV-SQL-01
ALR-00450 14h ago C2 Beacon Activity High Escalated SRV-WEB-01
ALR-00185 20h ago Port Scan Detected Low Escalated WS-PC-004