Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

C2 Beacon Activity

Severity: Medium · Status: Escalated
ALR-00476 · 2026-05-20T17:05:55Z

Description

Suspected C2 beacon detected from SRV-APP-01: HTTPS POST requests to a suspicious domain at a regular 60-second interval. The DLP Module blocked the outbound connection.

Alert Metadata

Alert ID: ALR-00476
Timestamp: 2026-05-20T17:05:55Z
Severity: Medium
Status: Escalated
Detection Source: DLP Module
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: SRV-APP-01
User Account: f.hall
Source IP: 185.137.220.101
Destination IP: 10.2.215.184
Origin Country: Romania (RO)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1071.001
Reference: attack.mitre.org/techniques/T1071.001

Investigation Timeline

17:05:55 Event ingested by SOC365 Engine
17:05:59 EmilyAI triage started — correlation enrichment
17:06:10 EmilyAI confidence: 83% — escalated to human analyst
17:06:16 Alert assigned to analyst: James Okonkwo
17:08:14 Investigation started — querying SIEM and threat intelligence
17:09:12 Containment action taken — endpoint isolated
17:23:46 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity  Status          Host
ALR-00058  57m ago  Ransomware Behaviour Detected  Critical  Investigating   SRV-APP-01
ALR-00425  4h ago   Lateral Movement Detected      Medium    False Positive  SRV-APP-01
ALR-00012  5h ago   C2 Beacon Activity             Medium    Open            WS-PC-006
ALR-00243  5h ago   Tor Exit Node Connection       Low       False Positive  SRV-APP-01
ALR-00256  5h ago   Privilege Escalation Attempt   Low       Escalated       SRV-APP-01