Ransomware Behaviour Detected
Informational
Open
ALR-00024 · 2026-07-09T08:20:35Z
Description
File encryption behaviour detected on SRV-APP-01. 142 files renamed with .locked extension in 30 seconds. EmilyAI Triage isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
08:20:35
Event ingested by SOC365 Engine
08:20:40
EmilyAI triage started — correlation enrichment
08:20:48
EmilyAI confidence: 82% — escalated to human analyst
08:21:03
Alert assigned to analyst: EmilyAI (auto)
08:22:33
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00241 | 18m ago | Kerberoasting Attempt | Low | Escalated | SRV-APP-01 |
| ALR-00095 | 22m ago | Data Exfiltration Attempt | Medium | Investigating | SRV-APP-01 |
| ALR-00055 | 3h ago | Port Scan Detected | High | Open | SRV-APP-01 |
| ALR-00284 | 3h ago | Ransomware Behaviour Detected | Medium | False Positive | WS-PC-003 |
| ALR-00231 | 10h ago | Pass-the-Hash Detected | Informational | Resolved | SRV-APP-01 |