Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:38:42 UTC

Ransomware Behaviour Detected

Low False Positive
ALR-00044 · 2026-07-05T04:44:10Z

Description

File encryption behaviour detected on SRV-DC-01. 142 files renamed with .locked extension in 30 seconds. Attack Surface Scanner isolated endpoint.

Alert Metadata

Alert ID
ALR-00044
Timestamp
2026-07-05T04:44:10Z
Severity
Low
Status
False Positive
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-DC-01
User Account
c.williams
Source IP
194.168.62.64
Destination IP
10.3.220.68
Origin Country
GB United Kingdom

MITRE ATT&CK Mapping

Tactic
Impact
Technique
T1486
Reference
attack.mitre.org/techniques/T1486

Investigation Timeline

04:44:10 Event ingested by SOC365 Engine
04:44:11 EmilyAI triage started — correlation enrichment
04:44:16 EmilyAI confidence: 81% — escalated to human analyst
04:44:54 Alert assigned to analyst: EmilyAI (auto)
04:46:21 Investigation started — querying SIEM and threat intelligence
04:48:58 Containment action taken — endpoint isolated
05:02:38 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00089 5h ago Ransomware Behaviour Detected Medium False Positive WS-LAP-011
ALR-00110 7h ago Insider Threat Indicator Medium Investigating SRV-DC-01
ALR-00201 8h ago Credential Stuffing Attempt Medium Resolved SRV-DC-01
ALR-00134 1d ago Ransomware Behaviour Detected Low False Positive FW-EDGE-01
ALR-00324 1d ago Ransomware Behaviour Detected Informational Resolved SRV-APP-01