Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:42:39 UTC

Ransomware Behaviour Detected

Informational Escalated
ALR-00043 · 2026-07-09T23:28:15Z

Description

File encryption behaviour detected on WS-LAP-010. 142 files renamed with .locked extension in 30 seconds. DecoyPulse isolated endpoint.

Alert Metadata

Alert ID
ALR-00043
Timestamp
2026-07-09T23:28:15Z
Severity
Informational
Status
Escalated
Detection Source
DecoyPulse
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-010
User Account
h.roberts
Source IP
91.78.195.82
Destination IP
10.1.123.85
Origin Country
RO Romania

MITRE ATT&CK Mapping

Tactic
Impact
Technique
T1486
Reference
attack.mitre.org/techniques/T1486

Investigation Timeline

23:28:15 Event ingested by SOC365 Engine
23:28:19 EmilyAI triage started — correlation enrichment
23:28:21 EmilyAI confidence: 93% — escalated to human analyst
23:28:52 Alert assigned to analyst: EmilyAI (auto)
23:30:18 Investigation started — querying SIEM and threat intelligence
23:37:26 Containment action taken — endpoint isolated
23:45:46 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00284 3h ago Ransomware Behaviour Detected Medium False Positive WS-PC-003
ALR-00345 9h ago Suspicious Scheduled Task Low Escalated WS-LAP-010
ALR-00073 13h ago Insider Threat Indicator Informational Investigating WS-LAP-010
ALR-00189 20h ago DLP Policy Violation Informational False Positive WS-LAP-010
ALR-00227 20h ago Ransomware Behaviour Detected Informational Investigating AP-WIFI-03