Anomalous DNS Query
High
Investigating
ALR-00219 · 2026-07-09T15:02:50Z
Description
DNS query to known DGA-generated domain from FW-EDGE-01. DecoyPulse matched pattern against threat intelligence feed. User: f.hall.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
15:02:50
Event ingested by SOC365 Engine
15:02:53
EmilyAI triage started — correlation enrichment
15:03:02
EmilyAI confidence: 92% — escalated to human analyst
15:03:13
Alert assigned to analyst: Anika Patel
15:04:05
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00135 | 4m ago | Anomalous DNS Query | Medium | Open | SRV-WEB-01 |
| ALR-00431 | 56m ago | Port Scan Detected | Informational | Resolved | FW-EDGE-01 |
| ALR-00481 | 4h ago | Anomalous DNS Query | High | Investigating | SRV-BACKUP-01 |
| ALR-00387 | 11h ago | Ransomware Behaviour Detected | Medium | Escalated | FW-EDGE-01 |
| ALR-00221 | 16h ago | Ransomware Behaviour Detected | Low | Resolved | FW-EDGE-01 |