Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Ransomware Behaviour Detected

Severity: Medium · Status: False Positive
ALR-00043 · 2026-04-06T23:28:33Z

Description

File encryption behaviour detected on WS-LAP-010. 142 files renamed with .locked extension in 30 seconds. Endpoint Agent isolated endpoint.

Alert Metadata

Alert ID:          ALR-00043
Timestamp:         2026-04-06T23:28:33Z
Severity:          Medium
Status:            False Positive
Detection Source:  Endpoint Agent
Assigned Analyst:  James Okonkwo

Endpoint Information

Hostname:        WS-LAP-010
User Account:    j.smith
Source IP:       91.50.195.80
Destination IP:  10.0.173.148
Origin Country:  UA Ukraine

MITRE ATT&CK Mapping

Tactic:     Impact
Technique:  T1486
Reference:  attack.mitre.org/techniques/T1486

Investigation Timeline

23:28:33 Event ingested by SOC365 Engine
23:28:37 EmilyAI triage started — correlation enrichment
23:28:47 EmilyAI confidence: 80% — escalated to human analyst
23:29:01 Alert assigned to analyst: James Okonkwo
23:31:20 Investigation started — querying SIEM and threat intelligence
23:32:11 Containment action taken — endpoint isolated
23:46:57 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00009  1h ago   Anomalous DNS Query            Medium         Investigating   WS-LAP-010
ALR-00093  7h ago   Data Exfiltration Attempt      Informational  Open            WS-LAP-010
ALR-00386  13h ago  Ransomware Behaviour Detected  Low            False Positive  VM-DEV-01
ALR-00453  18h ago  DLP Policy Violation           Low            False Positive  WS-LAP-010
ALR-00455  18h ago  Brute Force SSH                Medium         Open            WS-LAP-010