C2 Beacon Activity
Low
False Positive
ALR-00368 · 2026-07-05T13:42:36Z
Description
Suspected C2 beacon detected from WS-MAC-005. Regular 60-second interval HTTPS POST to suspicious domain. Cloud Connector blocked outbound.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:42:36
Event ingested by SOC365 Engine
13:42:41
EmilyAI triage started — correlation enrichment
13:42:43
EmilyAI confidence: 90% — escalated to human analyst
13:43:13
Alert assigned to analyst: EmilyAI (auto)
13:43:39
Investigation started — querying SIEM and threat intelligence
13:49:56
Containment action taken — endpoint isolated
13:56:55
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00205 | 1h ago | C2 Beacon Activity | Informational | Escalated | SRV-BACKUP-01 |
| ALR-00398 | 9h ago | Failed MFA Challenge | Medium | False Positive | WS-MAC-005 |
| ALR-00037 | 10h ago | C2 Beacon Activity | Medium | Escalated | WS-LAP-010 |
| ALR-00070 | 11h ago | Failed MFA Challenge | Medium | Investigating | WS-MAC-005 |
| ALR-00258 | 17h ago | Certificate Anomaly | Medium | Investigating | WS-MAC-005 |