Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:51:19 UTC

C2 Beacon Activity

Informational Open
ALR-00411 · 2026-07-10T05:36:59Z

Description

Suspected C2 beacon detected from WS-PC-004. Regular 60-second interval HTTPS POST to suspicious domain. Endpoint Agent blocked outbound.

Alert Metadata

Alert ID
ALR-00411
Timestamp
2026-07-10T05:36:59Z
Severity
Informational
Status
Open
Detection Source
Endpoint Agent
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-004
User Account
n.clark
Source IP
185.19.220.149
Destination IP
10.3.194.134
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1071.001
Reference
attack.mitre.org/techniques/T1071.001

Investigation Timeline

05:36:59 Event ingested by SOC365 Engine
05:37:00 EmilyAI triage started — correlation enrichment
05:37:09 EmilyAI confidence: 79% — escalated to human analyst
05:37:38 Alert assigned to analyst: EmilyAI (auto)
05:37:52 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00356 2h ago Anomalous DNS Query Medium Open WS-PC-004
ALR-00285 2h ago Port Scan Detected Low False Positive WS-PC-004
ALR-00390 3h ago C2 Beacon Activity Low Open SRV-DC-01
ALR-00150 9h ago Shadow IT Discovery Informational Investigating WS-PC-004
ALR-00019 23h ago Failed MFA Challenge Medium Resolved WS-PC-004