Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:46:22 UTC

Anomalous DNS Query

Low Investigating
ALR-00258 · 2026-07-11T04:45:15Z

Description

DNS query to known DGA-generated domain from WS-PC-002. Endpoint Agent matched pattern against threat intelligence feed. User: n.clark.

Alert Metadata

Alert ID
ALR-00258
Timestamp
2026-07-11T04:45:15Z
Severity
Low
Status
Investigating
Detection Source
Endpoint Agent
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-002
User Account
n.clark
Source IP
194.153.62.113
Destination IP
10.2.207.161
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

04:45:15 Event ingested by SOC365 Engine
04:45:20 EmilyAI triage started — correlation enrichment
04:45:26 EmilyAI confidence: 95% — escalated to human analyst
04:45:37 Alert assigned to analyst: EmilyAI (auto)
04:48:13 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00070 3h ago Privilege Escalation Attempt Medium Open WS-PC-002
ALR-00447 7h ago Credential Stuffing Attempt Critical Investigating WS-PC-002
ALR-00475 8h ago Anomalous DNS Query Medium False Positive WS-PC-004
ALR-00499 9h ago Anomalous DNS Query Low Open VM-DEV-01
ALR-00096 11h ago Anomalous DNS Query Low Resolved WS-PC-001