Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:06 UTC

Anomalous DNS Query

Informational False Positive
ALR-00389 · 2026-07-11T05:55:49Z

Description

DNS query to known DGA-generated domain from WS-LAP-011. SOC365 Engine matched pattern against threat intelligence feed. User: h.roberts.

Alert Metadata

Alert ID
ALR-00389
Timestamp
2026-07-11T05:55:49Z
Severity
Informational
Status
False Positive
Detection Source
SOC365 Engine
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-011
User Account
h.roberts
Source IP
91.55.195.20
Destination IP
10.3.45.82
Origin Country
CN China

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

05:55:49 Event ingested by SOC365 Engine
05:55:50 EmilyAI triage started — correlation enrichment
05:55:58 EmilyAI confidence: 95% — escalated to human analyst
05:56:23 Alert assigned to analyst: EmilyAI (auto)
05:57:00 Investigation started — querying SIEM and threat intelligence
06:04:25 Containment action taken — endpoint isolated
06:12:08 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00211 3h ago Anomalous DNS Query Medium False Positive SRV-APP-01
ALR-00078 6h ago Phishing Email Blocked Medium False Positive WS-LAP-011
ALR-00159 9h ago Anomalous DNS Query Informational Open WS-PC-006
ALR-00455 9h ago Anomalous DNS Query Low Escalated WS-PC-004
ALR-00007 20h ago Anomalous DNS Query Medium False Positive SRV-DC-01