Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:36:57 UTC

Anomalous DNS Query

High Investigating
ALR-00219 · 2026-07-09T15:02:50Z

Description

DNS query to known DGA-generated domain from FW-EDGE-01. DecoyPulse matched pattern against threat intelligence feed. User: f.hall.

Alert Metadata

Alert ID
ALR-00219
Timestamp
2026-07-09T15:02:50Z
Severity
High
Status
Investigating
Detection Source
DecoyPulse
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
FW-EDGE-01
User Account
f.hall
Source IP
185.124.220.155
Destination IP
10.3.211.40
Origin Country
NL Netherlands

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

15:02:50 Event ingested by SOC365 Engine
15:02:53 EmilyAI triage started — correlation enrichment
15:03:02 EmilyAI confidence: 92% — escalated to human analyst
15:03:13 Alert assigned to analyst: Anika Patel
15:04:05 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00135 4m ago Anomalous DNS Query Medium Open SRV-WEB-01
ALR-00431 56m ago Port Scan Detected Informational Resolved FW-EDGE-01
ALR-00481 4h ago Anomalous DNS Query High Investigating SRV-BACKUP-01
ALR-00387 11h ago Ransomware Behaviour Detected Medium Escalated FW-EDGE-01
ALR-00221 16h ago Ransomware Behaviour Detected Low Resolved FW-EDGE-01