Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 16:53:25 UTC

C2 Beacon Activity

Informational Resolved
ALR-00312 · 2026-04-10T03:40:14Z

Description

Suspected C2 beacon detected from WS-LAP-011. Regular 60-second interval HTTPS POST to suspicious domain. Attack Surface Scanner blocked outbound.

Alert Metadata

Alert ID: ALR-00312
Timestamp: 2026-04-10T03:40:14Z
Severity: Informational
Status: Resolved
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-LAP-011
User Account: l.johnson
Source IP: 185.172.220.186
Destination IP: 10.3.130.152
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

03:40:14 Event ingested by SOC365 Engine
03:40:18 EmilyAI triage started — correlation enrichment
03:40:23 EmilyAI confidence: 98% — escalated to human analyst
03:40:50 Alert assigned to analyst: EmilyAI (auto)
03:41:20 Investigation started — querying SIEM and threat intelligence
03:43:52 Containment action taken — endpoint isolated
03:58:43 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00149 | 3m ago | Unauthorised USB Device | Low | False Positive | WS-LAP-011
ALR-00123 | 19h ago | Lateral Movement Detected | Medium | Open | WS-LAP-011
ALR-00018 | 22h ago | Tor Exit Node Connection | Medium | Resolved | WS-LAP-011
ALR-00102 | 23h ago | C2 Beacon Activity | Low | False Positive | WS-LAP-011
ALR-00278 | 1d ago | C2 Beacon Activity | Medium | Investigating | WS-MAC-005