Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:26 UTC

C2 Beacon Activity

Low Resolved
ALR-00204 · 2026-07-10T13:17:56Z

Description

Suspected C2 beacon detected from SRV-APP-01. Regular 60-second interval HTTPS POST to suspicious domain. Attack Surface Scanner blocked outbound.

Alert Metadata

Alert ID
ALR-00204
Timestamp
2026-07-10T13:17:56Z
Severity
Low
Status
Resolved
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-APP-01
User Account
m.taylor
Source IP
91.131.195.236
Destination IP
10.3.46.26
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1071.001
Reference
attack.mitre.org/techniques/T1071.001

Investigation Timeline

13:17:56 Event ingested by SOC365 Engine
13:17:57 EmilyAI triage started — correlation enrichment
13:18:07 EmilyAI confidence: 84% — escalated to human analyst
13:18:39 Alert assigned to analyst: EmilyAI (auto)
13:19:59 Investigation started — querying SIEM and threat intelligence
13:23:35 Containment action taken — endpoint isolated
13:31:53 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00211 3h ago Anomalous DNS Query Medium False Positive SRV-APP-01
ALR-00064 8h ago Ransomware Behaviour Detected Medium Escalated SRV-APP-01
ALR-00164 10h ago C2 Beacon Activity Critical Open WS-PC-004
ALR-00463 10h ago C2 Beacon Activity High Open SRV-SQL-01
ALR-00284 13h ago Certificate Anomaly Low Investigating SRV-APP-01