Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Anomalous DNS Query

Informational · Resolved
ALR-00471 · 2026-04-07T08:46:58Z

Description

DNS query from SRV-APP-01 to a domain matching a known DGA-generated pattern. The firewall matched the query against a threat intelligence feed. User: s.jones.

Alert Metadata

Alert ID: ALR-00471
Timestamp: 2026-04-07T08:46:58Z
Severity: Informational
Status: Resolved
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-APP-01
User Account: s.jones
Source IP: 194.239.62.74
Destination IP: 10.0.214.89
Origin Country: IR (Iran)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1568.002
Reference: attack.mitre.org/techniques/T1568.002

Investigation Timeline

08:46:58 Event ingested by SOC365 Engine
08:47:01 EmilyAI triage started — correlation enrichment
08:47:08 EmilyAI confidence: 85% — escalated to human analyst
08:47:33 Alert assigned to analyst: EmilyAI (auto)
08:49:02 Investigation started — querying SIEM and threat intelligence
08:54:34 Containment action taken — endpoint isolated
09:06:40 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                     Severity  Status         Host
ALR-00336  8h ago   Malware Signature Match   Medium    Escalated      SRV-APP-01
ALR-00075  9h ago   Anomalous DNS Query       Medium    Investigating  AP-WIFI-03
ALR-00248  17h ago  Tor Exit Node Connection  Medium    Open           SRV-APP-01
ALR-00130  17h ago  Anomalous DNS Query       Medium    Open           SRV-FILE-01
ALR-00110  20h ago  Anomalous DNS Query       Low       Escalated      WS-MAC-005