Anomalous DNS Query
Informational
Open
ALR-00188 · 2026-07-05T20:00:22Z
Description
DNS query to known DGA-generated domain from SRV-BACKUP-01. Network IDS matched pattern against threat intelligence feed. User: system.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
20:00:22
Event ingested by SOC365 Engine
20:00:27
EmilyAI triage started — correlation enrichment
20:00:37
EmilyAI confidence: 87% — escalated to human analyst
20:00:41
Alert assigned to analyst: EmilyAI (auto)
20:01:40
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00216 | 1h ago | Certificate Anomaly | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00353 | 2h ago | Port Scan Detected | Low | Escalated | SRV-BACKUP-01 |
| ALR-00429 | 5h ago | Pass-the-Hash Detected | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00001 | 10h ago | Malware Signature Match | Low | False Positive | SRV-BACKUP-01 |
| ALR-00050 | 11h ago | Anomalous DNS Query | Low | False Positive | WS-LAP-012 |