Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:38:02 UTC

C2 Beacon Activity

Medium Resolved
ALR-00291 · 2026-07-08T15:13:17Z

Description

Suspected C2 beacon detected from WS-PC-002. Regular 60-second interval HTTPS POST to suspicious domain. DLP Module blocked outbound.

Alert Metadata

Alert ID
ALR-00291
Timestamp
2026-07-08T15:13:17Z
Severity
Medium
Status
Resolved
Detection Source
DLP Module
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-PC-002
User Account
c.williams
Source IP
103.163.216.106
Destination IP
10.3.18.224
Origin Country
FR France

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1071.001
Reference
attack.mitre.org/techniques/T1071.001

Investigation Timeline

15:13:17 Event ingested by SOC365 Engine
15:13:20 EmilyAI triage started — correlation enrichment
15:13:32 EmilyAI confidence: 97% — escalated to human analyst
15:13:43 Alert assigned to analyst: James Okonkwo
15:16:05 Investigation started — querying SIEM and threat intelligence
15:16:37 Containment action taken — endpoint isolated
15:29:56 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00117 1h ago C2 Beacon Activity Low False Positive SRV-DC-01
ALR-00125 2h ago Privilege Escalation Attempt High Open WS-PC-002
ALR-00419 3h ago Insider Threat Indicator Low Escalated WS-PC-002
ALR-00381 3h ago Pass-the-Hash Detected Informational Open WS-PC-002
ALR-00253 8h ago Shadow IT Discovery Low False Positive WS-PC-002