Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 16:51:52 UTC

Anomalous DNS Query

Severity: Medium · Status: Escalated
ALR-00486 · 2026-04-08T09:17:13Z

Description

DNS query to known DGA-generated domain from VM-DEV-01. Firewall matched pattern against threat intelligence feed. User: l.johnson.

Alert Metadata

Alert ID: ALR-00486
Timestamp: 2026-04-08T09:17:13Z
Severity: Medium
Status: Escalated
Detection Source: Firewall
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: VM-DEV-01
User Account: l.johnson
Source IP: 103.147.216.49
Destination IP: 10.1.99.212
Origin Country: GB (United Kingdom)

MITRE ATT&CK Mapping

Tactic: Command and Control
Technique: T1568.002
Reference: attack.mitre.org/techniques/T1568.002

Investigation Timeline

09:17:13 Event ingested by SOC365 Engine
09:17:16 EmilyAI triage started — correlation enrichment
09:17:24 EmilyAI confidence: 98% — escalated to human analyst
09:17:39 Alert assigned to analyst: Anika Patel
09:19:16 Investigation started — querying SIEM and threat intelligence
09:21:45 Containment action taken — endpoint isolated
09:32:25 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                     Severity       Status          Host
ALR-00253  10h ago  Kerberoasting Attempt     Low            Resolved        VM-DEV-01
ALR-00127  11h ago  Anomalous DNS Query       Informational  False Positive  FW-EDGE-01
ALR-00350  14h ago  Tor Exit Node Connection  Medium         Escalated       VM-DEV-01
ALR-00471  21h ago  Port Scan Detected        Low            Escalated       VM-DEV-01
ALR-00264  23h ago  DLP Policy Violation      High           Open            VM-DEV-01