C2 Beacon Activity
Informational
Investigating
ALR-00282 · 2026-07-08T05:11:35Z
Description
Suspected C2 beacon detected from WS-LAP-012. Regular 60-second interval HTTPS POST to suspicious domain. DLP Module blocked outbound.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
05:11:35
Event ingested by SOC365 Engine
05:11:39
EmilyAI triage started — correlation enrichment
05:11:42
EmilyAI confidence: 85% — escalated to human analyst
05:11:52
Alert assigned to analyst: EmilyAI (auto)
05:12:28
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00021 | 6h ago | Unauthorised USB Device | Medium | Open | WS-LAP-012 |
| ALR-00196 | 11h ago | Suspicious PowerShell Execution | Informational | Escalated | WS-LAP-012 |
| ALR-00129 | 11h ago | Rogue DHCP Server | Low | Resolved | WS-LAP-012 |
| ALR-00362 | 12h ago | Unauthorised USB Device | Medium | Escalated | WS-LAP-012 |
| ALR-00385 | 14h ago | C2 Beacon Activity | High | Investigating | AP-WIFI-03 |