Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:43:11 UTC

Anomalous DNS Query

Low Open
ALR-00183 · 2026-07-08T13:02:53Z

Description

DNS query to known DGA-generated domain from FW-EDGE-01. Email Gateway matched pattern against threat intelligence feed. User: c.williams.

Alert Metadata

Alert ID
ALR-00183
Timestamp
2026-07-08T13:02:53Z
Severity
Low
Status
Open
Detection Source
Email Gateway
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
FW-EDGE-01
User Account
c.williams
Source IP
45.132.148.62
Destination IP
10.2.192.153
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

13:02:53 Event ingested by SOC365 Engine
13:02:57 EmilyAI triage started — correlation enrichment
13:03:04 EmilyAI confidence: 86% — escalated to human analyst
13:03:31 Alert assigned to analyst: EmilyAI (auto)
13:03:50 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00410 8h ago Lateral Movement Detected Low False Positive FW-EDGE-01
ALR-00132 15h ago Anomalous DNS Query Low Escalated SRV-DC-01
ALR-00169 20h ago Privilege Escalation Attempt Informational False Positive FW-EDGE-01
ALR-00220 20h ago Anomalous DNS Query Low Resolved SRV-WEB-01
ALR-00271 1d ago Tor Exit Node Connection Informational Open FW-EDGE-01