Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Anomalous DNS Query

Medium Escalated
ALR-00316 · 2026-05-25T23:54:46Z

Description

Outbound DNS query from VM-DEV-01 (user c.williams) for a domain matching a known DGA pattern. The Attack Surface Scanner matched the queried name against a threat intelligence feed of DGA-generated domains and raised this alert.
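The detection behind this alert class, as an added example (not SOC365 or Attack Surface Scanner code): each DNS query is checked against a threat-intelligence list of DGA domains and, independently, scored with lexical heuristics (label length, character entropy, vowel ratio, mixed letters and digits) so that names the feed has not seen yet still surface as a lower-severity alert. The log line format, field names, feed entries, thresholds and the Medium/Low severity mapping are all assumptions made for this illustration; the domains are constructed placeholders, not real indicators.

```python
"""Heuristic DGA detection over DNS query logs.

Added example, not code from the page or the product it describes. The log
format, feed contents, thresholds and severity mapping are assumptions.
"""
import math
import re
from collections import Counter

# ATT&CK technique the alert maps to: Dynamic Resolution: Domain Generation Algorithms
ATTACK_TECHNIQUE = "T1568.002"

# Constructed threat-intel feed (placeholder names, not real indicators).
TI_FEED_DGA = {"xk2qpv7hzrtl.example", "qwhv9c3tbzlo.example"}

# Constructed DNS query log: "<timestamp> <hostname> <user> <qname>" per line.
DNS_LOG = """\
2026-05-25T23:54:40Z VM-DEV-01 c.williams updates.example
2026-05-25T23:54:46Z VM-DEV-01 c.williams xk2qpv7hzrtl.example
2026-05-25T23:54:50Z SRV-FILE-01 svc.backup wpad.corp.example
2026-05-25T23:54:52Z VM-DEV-01 c.williams mkqzvtxrlbwp.example
"""

VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits per character; random-looking DGA labels score high."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label left of the public suffix. Simplified: assumes a one-label suffix."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label):
    """Return (score in [0,1], signals that fired) for one DNS label."""
    signals = []
    if len(label) >= 12:
        signals.append("long_label")
    if shannon_entropy(label) >= 3.3:
        signals.append("high_entropy")
    letters = [c for c in label if c.isalpha()]
    if letters and sum(c in VOWELS for c in letters) / len(letters) < 0.25:
        signals.append("low_vowel_ratio")
    if re.search(r"\d", label) and re.search(r"[a-z]", label):
        signals.append("mixed_alnum")
    return len(signals) / 4, signals


def analyze(log_text, ti_feed, threshold=0.75):
    """Emit one alert per query that matches the feed or scores >= threshold.

    A feed match is treated as Medium (known-bad), a heuristic-only hit as Low;
    this tiering is an assumption for the example.
    """
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, user, qname = line.split()
        qname = qname.lower().rstrip(".")
        score, signals = dga_score(registrable_label(qname))
        ti_hit = qname in ti_feed
        if ti_hit or score >= threshold:
            alerts.append({
                "timestamp": ts,
                "hostname": host,
                "user": user,
                "qname": qname,
                "ti_match": ti_hit,
                "dga_score": score,
                "signals": signals,
                "technique": ATTACK_TECHNIQUE,
                "severity": "Medium" if ti_hit else "Low",
            })
    return alerts


if __name__ == "__main__":
    for alert in analyze(DNS_LOG, TI_FEED_DGA):
        print(alert)
```

On the constructed log this yields two alerts: the feed-listed name queried at 23:54:46 (Medium, all four lexical signals firing) and a second random-looking label the feed does not know (Low, three signals), which is the kind of heuristic-only hit that appears as the Low-severity "Anomalous DNS Query" in the related alerts. When investigating, pivot on the hostname and user first and confirm which resolver the endpoint actually sent the query to; a feed match alone does not tell you whether the query was answered or whether any connection to the resolved address followed.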

Alert Metadata

Alert ID
ALR-00316
Timestamp
2026-05-25T23:54:46Z
Severity
Medium
Status
Escalated
Detection Source
Attack Surface Scanner
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
VM-DEV-01
User Account
c.williams
Source IP
45.117.148.250
Destination IP
10.0.118.101
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

23:54:46 Event ingested by SOC365 Engine
23:54:47 EmilyAI triage started — correlation enrichment
23:54:56 EmilyAI confidence: 89% — escalated to human analyst
23:55:02 Alert assigned to analyst: Marcus Webb
23:55:56 Investigation started — querying SIEM and threat intelligence
00:00:52 Containment action taken — endpoint isolated
00:08:54 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00170 8h ago Anomalous DNS Query Medium Resolved FW-EDGE-01
ALR-00277 10h ago Anomalous DNS Query Medium False Positive SRV-FILE-01
ALR-00108 12h ago Shadow IT Discovery Informational Escalated VM-DEV-01
ALR-00369 12h ago Anomalous DNS Query Low Open SW-CORE-01
ALR-00067 13h ago Insider Threat Indicator Low Resolved VM-DEV-01