Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 21:51:46 UTC

C2 Beacon Activity

Low False Positive
ALR-00368 · 2026-07-05T13:42:36Z

Description

Suspected C2 beacon detected from WS-MAC-005. Regular 60-second interval HTTPS POST to suspicious domain. Cloud Connector blocked outbound.

Alert Metadata

Alert ID
ALR-00368
Timestamp
2026-07-05T13:42:36Z
Severity
Low
Status
False Positive
Detection Source
Cloud Connector
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-MAC-005
User Account
s.jones
Source IP
91.232.195.153
Destination IP
10.3.125.150
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1071.001
Reference
attack.mitre.org/techniques/T1071.001

Investigation Timeline

13:42:36 Event ingested by SOC365 Engine
13:42:41 EmilyAI triage started — correlation enrichment
13:42:43 EmilyAI confidence: 90% — escalated to human analyst
13:43:13 Alert assigned to analyst: EmilyAI (auto)
13:43:39 Investigation started — querying SIEM and threat intelligence
13:49:56 Containment action taken — endpoint isolated
13:56:55 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00205 1h ago C2 Beacon Activity Informational Escalated SRV-BACKUP-01
ALR-00398 9h ago Failed MFA Challenge Medium False Positive WS-MAC-005
ALR-00037 10h ago C2 Beacon Activity Medium Escalated WS-LAP-010
ALR-00070 11h ago Failed MFA Challenge Medium Investigating WS-MAC-005
ALR-00258 17h ago Certificate Anomaly Medium Investigating WS-MAC-005