Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:24:42 UTC

C2 Beacon Activity

Severity: Low · Status: Escalated
ALR-00248 · 2026-04-08T17:57:14Z

Description

Suspected C2 beacon detected from SRV-BACKUP-01. Regular 60-second interval HTTPS POST to suspicious domain. DecoyPulse blocked outbound.

Alert Metadata

Alert ID: ALR-00248
Timestamp: 2026-04-08T17:57:14Z
Severity: Low
Status: Escalated
Detection Source: DecoyPulse
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: m.taylor
Source IP: 185.8.220.221
Destination IP: 10.2.122.23
Origin Country: GB United Kingdom

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

17:57:14 Event ingested by SOC365 Engine
17:57:18 EmilyAI triage started — correlation enrichment
17:57:25 EmilyAI confidence: 87% — escalated to human analyst
17:57:44 Alert assigned to analyst: EmilyAI (auto)
17:59:36 Investigation started — querying SIEM and threat intelligence
18:02:22 Containment action taken — endpoint isolated
18:13:15 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00436 | 9h ago | C2 Beacon Activity | Low | Open | WS-PC-003
ALR-00448 | 9h ago | C2 Beacon Activity | Informational | Open | WS-LAP-011
ALR-00428 | 11h ago | C2 Beacon Activity | Medium | Open | FW-EDGE-01
ALR-00286 | 20h ago | Port Scan Detected | Medium | Open | SRV-BACKUP-01
ALR-00451 | 21h ago | C2 Beacon Activity | Low | Resolved | SRV-BACKUP-01