C2 Beacon Activity
Medium
Escalated
ALR-00287 · 2026-07-11T07:23:23Z
Description
Suspected C2 beacon detected from SRV-SQL-01. Regular 60-second interval HTTPS POST to suspicious domain. SOC365 Engine blocked outbound.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
07:23:23
Event ingested by SOC365 Engine
07:23:25
EmilyAI triage started — correlation enrichment
07:23:34
EmilyAI confidence: 94% — escalated to human analyst
07:23:50
Alert assigned to analyst: James Okonkwo
07:25:35
Investigation started — querying SIEM and threat intelligence
07:32:21
Containment action taken — endpoint isolated
07:39:28
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00193 | 1h ago | Pass-the-Hash Detected | Informational | Resolved | SRV-SQL-01 |
| ALR-00022 | 10h ago | C2 Beacon Activity | Low | False Positive | WS-PC-002 |
| ALR-00291 | 18h ago | Credential Stuffing Attempt | Critical | Escalated | SRV-SQL-01 |
| ALR-00087 | 20h ago | C2 Beacon Activity | High | Escalated | SRV-APP-01 |
| ALR-00410 | 22h ago | Data Exfiltration Attempt | Medium | Escalated | SRV-SQL-01 |