Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:01:38 UTC

C2 Beacon Activity

Low Escalated
ALR-00310 · 2026-05-25T21:18:33Z

Description

Suspected C2 beacon detected from VM-DEV-01: HTTPS POST requests at a regular 60-second interval to a suspicious domain. The DLP Module blocked the outbound traffic.

Alert Metadata

Alert ID: ALR-00310
Timestamp: 2026-05-25T21:18:33Z
Severity: Low
Status: Escalated
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: VM-DEV-01
User Account: m.taylor
Source IP: 185.244.220.163
Destination IP: 10.0.25.25
Origin Country: Netherlands (NL)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

21:18:33 Event ingested by SOC365 Engine
21:18:35 EmilyAI triage started — correlation enrichment
21:18:39 EmilyAI confidence: 80% — escalated to human analyst
21:18:50 Alert assigned to analyst: EmilyAI (auto)
21:21:21 Investigation started — querying SIEM and threat intelligence
21:26:46 Containment action taken — endpoint isolated
21:29:33 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00100 | 18h ago | C2 Beacon Activity | Informational | Open | WS-PC-004
ALR-00388 | 20h ago | C2 Beacon Activity | Medium | False Positive | WS-LAP-010
ALR-00182 | 22h ago | Pass-the-Hash Detected | Medium | Resolved | VM-DEV-01
ALR-00371 | 1d ago | Privilege Escalation Attempt | Medium | Investigating | VM-DEV-01
ALR-00321 | 1d ago | C2 Beacon Activity | Low | Escalated | WS-LAP-010