Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:45:28 UTC

Anomalous DNS Query

Informational Open
ALR-00188 · 2026-07-05T20:00:22Z

Description

DNS query to known DGA-generated domain from SRV-BACKUP-01. Network IDS matched pattern against threat intelligence feed. User: system.

Alert Metadata

Alert ID
ALR-00188
Timestamp
2026-07-05T20:00:22Z
Severity
Informational
Status
Open
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
system
Source IP
91.151.195.138
Destination IP
10.3.15.217
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

20:00:22 Event ingested by SOC365 Engine
20:00:27 EmilyAI triage started — correlation enrichment
20:00:37 EmilyAI confidence: 87% — escalated to human analyst
20:00:41 Alert assigned to analyst: EmilyAI (auto)
20:01:40 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00216 1h ago Certificate Anomaly Medium False Positive SRV-BACKUP-01
ALR-00353 2h ago Port Scan Detected Low Escalated SRV-BACKUP-01
ALR-00429 5h ago Pass-the-Hash Detected Medium False Positive SRV-BACKUP-01
ALR-00001 10h ago Malware Signature Match Low False Positive SRV-BACKUP-01
ALR-00050 11h ago Anomalous DNS Query Low False Positive WS-LAP-012