Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:52:10 UTC

Anomalous DNS Query

High Investigating
ALR-00479 · 2026-07-11T09:33:52Z

Description

DNS query to known DGA-generated domain from AP-WIFI-03. Network IDS matched pattern against threat intelligence feed. User: k.brown.

Alert Metadata

Alert ID
ALR-00479
Timestamp
2026-07-11T09:33:52Z
Severity
High
Status
Investigating
Detection Source
Network IDS
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
AP-WIFI-03
User Account
k.brown
Source IP
91.30.195.33
Destination IP
10.1.71.222
Origin Country
BR Brazil

MITRE ATT&CK Mapping

Tactic
Command and Control
Technique
T1568.002
Reference
attack.mitre.org/techniques/T1568.002

Investigation Timeline

09:33:52 Event ingested by SOC365 Engine
09:33:56 EmilyAI triage started — correlation enrichment
09:34:02 EmilyAI confidence: 92% — escalated to human analyst
09:34:19 Alert assigned to analyst: Anika Patel
09:36:09 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00496 2h ago Anomalous DNS Query Low Resolved SRV-DC-01
ALR-00143 2h ago Anomalous DNS Query Medium False Positive VM-DEV-01
ALR-00332 10h ago Tor Exit Node Connection Medium Resolved AP-WIFI-03
ALR-00068 11h ago Anomalous DNS Query Medium Resolved WS-PC-001
ALR-00446 12h ago Insider Threat Indicator High Escalated AP-WIFI-03