Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:38:35 UTC

C2 Beacon Activity

Informational Resolved
ALR-00266 · 2026-07-06T17:11:54Z

Description

Suspected C2 beacon detected from SRV-WEB-01. Regular 60-second interval HTTPS POST to suspicious domain. Firewall blocked outbound.

Alert Metadata

Alert ID
ALR-00266
Timestamp
2026-07-06T17:11:54Z
Severity
Informational
Status
Resolved
Detection Source
Firewall
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-WEB-01
User Account
a.wilson
Source IP
45.46.148.47
Destination IP
10.0.203.186
Origin Country
GB United Kingdom

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1071.001
Reference
attack.mitre.org/techniques/T1071.001

Investigation Timeline

17:11:54 Event ingested by SOC365 Engine
17:11:59 EmilyAI triage started — correlation enrichment
17:12:07 EmilyAI confidence: 82% — escalated to human analyst
17:12:09 Alert assigned to analyst: EmilyAI (auto)
17:13:55 Investigation started — querying SIEM and threat intelligence
17:19:55 Containment action taken — endpoint isolated
17:25:37 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00117 1h ago C2 Beacon Activity Low False Positive SRV-DC-01
ALR-00184 3h ago Tor Exit Node Connection Low Open SRV-WEB-01
ALR-00037 9h ago Credential Stuffing Attempt Medium Open SRV-WEB-01
ALR-00164 16h ago Shadow IT Discovery Low False Positive SRV-WEB-01
ALR-00234 16h ago Phishing Email Blocked Medium Investigating SRV-WEB-01