Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:01:30 UTC

Anomalous DNS Query

Medium Investigating
ALR-00330 · 2026-05-26T08:21:11Z

Description

DNS query from SW-CORE-01 to a domain known to be DGA-generated. The Endpoint Agent matched the queried name against a threat intelligence feed. User: s.jones.

Alert Metadata

Alert ID: ALR-00330
Timestamp: 2026-05-26T08:21:11Z
Severity: Medium
Status: Investigating
Detection Source: Endpoint Agent
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SW-CORE-01
User Account: s.jones
Source IP: 185.168.220.197
Destination IP: 10.3.103.167
Origin Country: KP (North Korea)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1568.002 (Dynamic Resolution: Domain Generation Algorithms)
Reference: https://attack.mitre.org/techniques/T1568/002/

Investigation Timeline

08:21:11 Event ingested by SOC365 Engine
08:21:15 EmilyAI triage started — correlation enrichment
08:21:20 EmilyAI confidence: 80% — escalated to human analyst
08:21:42 Alert assigned to analyst: Marcus Webb
08:23:59 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                     Severity  Status     Host
ALR-00128  4h ago   Anomalous DNS Query       Low       Resolved   FW-EDGE-01
ALR-00247  11h ago  Certificate Anomaly       Low       Resolved   SW-CORE-01
ALR-00389  12h ago  Insider Threat Indicator  Medium    Open       SW-CORE-01
ALR-00285  12h ago  Anomalous DNS Query       Medium    Resolved   WS-PC-003
ALR-00099  13h ago  Certificate Anomaly       Low       Escalated  SW-CORE-01