C2 Beacon Activity
Critical
Open
ALR-00292 · 2026-05-21T06:34:11Z
Description
Suspected C2 beacon detected from WS-MAC-005. Regular 60-second interval HTTPS POST to suspicious domain. Dark Web Monitor blocked outbound.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
06:34:11
Event ingested by SOC365 Engine
06:34:16
EmilyAI triage started — correlation enrichment
06:34:18
EmilyAI confidence: 87% — escalated to human analyst
06:34:48
Alert assigned to analyst: Emma Richardson
06:36:42
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00115 | 1h ago | C2 Beacon Activity | Medium | False Positive | SRV-BACKUP-01 |
| ALR-00162 | 3h ago | C2 Beacon Activity | High | Escalated | WS-LAP-011 |
| ALR-00039 | 3h ago | C2 Beacon Activity | Low | Escalated | SRV-MAIL-01 |
| ALR-00458 | 5h ago | C2 Beacon Activity | Medium | Open | WS-LAP-010 |
| ALR-00026 | 5h ago | C2 Beacon Activity | Informational | Investigating | WS-MAC-005 |