Anomalous DNS Query
Low
False Positive
ALR-00486 · 2026-07-11T14:32:31Z
Description
DNS query to known DGA-generated domain from AP-WIFI-03. Network IDS matched pattern against threat intelligence feed. User: n.clark.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
14:32:31
Event ingested by SOC365 Engine
14:32:33
EmilyAI triage started — correlation enrichment
14:32:38
EmilyAI confidence: 80% — escalated to human analyst
14:32:50
Alert assigned to analyst: EmilyAI (auto)
14:33:44
Investigation started — querying SIEM and threat intelligence
14:35:37
Containment action taken — endpoint isolated
14:43:47
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00294 | 27m ago | Brute Force SSH | Low | Open | AP-WIFI-03 |
| ALR-00312 | 45m ago | Anomalous DNS Query | Medium | False Positive | WS-PC-002 |
| ALR-00463 | 5h ago | DecoyPulse Honeypot Triggered | High | Open | AP-WIFI-03 |
| ALR-00038 | 5h ago | Anomalous DNS Query | Medium | False Positive | WS-LAP-010 |
| ALR-00155 | 11h ago | Certificate Anomaly | Medium | Resolved | AP-WIFI-03 |