Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

C2 Beacon Activity

Medium False Positive
ALR-00303 · 2026-04-09T03:10:59Z

Description

Suspected C2 beacon detected from WS-PC-002. Regular 60-second interval HTTPS POST to suspicious domain. Cloud Connector blocked outbound.

Alert Metadata

Alert ID: ALR-00303
Timestamp: 2026-04-09T03:10:59Z
Severity: Medium
Status: False Positive
Detection Source: Cloud Connector
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-PC-002
User Account: k.brown
Source IP: 185.227.220.86
Destination IP: 10.0.63.178
Origin Country: RU (Russia)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

03:10:59 Event ingested by SOC365 Engine
03:11:01 EmilyAI triage started — correlation enrichment
03:11:04 EmilyAI confidence: 82% — escalated to human analyst
03:11:41 Alert assigned to analyst: James Okonkwo
03:12:32 Investigation started — querying SIEM and threat intelligence
03:17:43 Containment action taken — endpoint isolated
03:28:59 Alert resolved — remediation complete

Related Alerts

ID        | Time   | Alert                     | Severity      | Status         | Host
ALR-00005 | 3h ago | Tor Exit Node Connection  | Low           | Resolved       | WS-PC-002
ALR-00141 | 6h ago | Certificate Anomaly       | Informational | False Positive | WS-PC-002
ALR-00484 | 9h ago | C2 Beacon Activity        | Informational | False Positive | WS-PC-004
ALR-00439 | 10h ago | Lateral Movement Detected | Medium        | Escalated      | WS-PC-002
ALR-00090 | 14h ago | Insider Threat Indicator  | Informational | Resolved       | WS-PC-002