Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Anomalous DNS Query

High Open
ALR-00224 · 2026-04-11T11:48:39Z

Description

DNS query to known DGA-generated domain from WS-LAP-012. DecoyPulse matched pattern against threat intelligence feed. User: l.johnson.

Alert Metadata

Alert ID: ALR-00224
Timestamp: 2026-04-11T11:48:39Z
Severity: High
Status: Open
Detection Source: DecoyPulse
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-LAP-012
User Account: l.johnson
Source IP: 91.108.195.33
Destination IP: 10.2.150.9
Origin Country: GB (United Kingdom)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1568.002
Reference: attack.mitre.org/techniques/T1568.002

Investigation Timeline

11:48:39 Event ingested by SOC365 Engine
11:48:43 EmilyAI triage started — correlation enrichment
11:48:45 EmilyAI confidence: 94% — escalated to human analyst
11:49:02 Alert assigned to analyst: Marcus Webb
11:50:15 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         | Time   | Alert                         | Severity      | Status         | Host
ALR-00493  | 2h ago | DLP Policy Violation          | Informational | Investigating  | WS-LAP-012
ALR-00122  | 3h ago | Kerberoasting Attempt         | Low           | Resolved       | WS-LAP-012
ALR-00344  | 5h ago | Unauthorised USB Device       | Low           | Escalated      | WS-LAP-012
ALR-00386  | 7h ago | Anomalous DNS Query           | Low           | False Positive | SW-CORE-01
ALR-00290  | 15h ago| Privilege Escalation Attempt  | Medium        | Investigating  | WS-LAP-012