Anomalous DNS Query
Informational
False Positive
ALR-00389 · 2026-07-11T05:55:49Z
Description
DNS query to known DGA-generated domain from WS-LAP-011. SOC365 Engine matched pattern against threat intelligence feed. User: h.roberts.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
05:55:49
Event ingested by SOC365 Engine
05:55:50
EmilyAI triage started — correlation enrichment
05:55:58
EmilyAI confidence: 95% — escalated to human analyst
05:56:23
Alert assigned to analyst: EmilyAI (auto)
05:57:00
Investigation started — querying SIEM and threat intelligence
06:04:25
Containment action taken — endpoint isolated
06:12:08
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00211 | 3h ago | Anomalous DNS Query | Medium | False Positive | SRV-APP-01 |
| ALR-00078 | 6h ago | Phishing Email Blocked | Medium | False Positive | WS-LAP-011 |
| ALR-00159 | 9h ago | Anomalous DNS Query | Informational | Open | WS-PC-006 |
| ALR-00455 | 9h ago | Anomalous DNS Query | Low | Escalated | WS-PC-004 |
| ALR-00007 | 20h ago | Anomalous DNS Query | Medium | False Positive | SRV-DC-01 |