Ransomware Behaviour Detected
Medium
False Positive
ALR-00055 · 2026-07-07T16:00:06Z
Description
File encryption behaviour detected on WS-PC-006. 142 files renamed with .locked extension in 30 seconds. DLP Module isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
16:00:06
Event ingested by SOC365 Engine
16:00:11
EmilyAI triage started — correlation enrichment
16:00:11
EmilyAI confidence: 98% — escalated to human analyst
16:00:34
Alert assigned to analyst: Anika Patel
16:02:49
Investigation started — querying SIEM and threat intelligence
16:05:59
Containment action taken — endpoint isolated
16:19:35
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00153 | 7h ago | Ransomware Behaviour Detected | High | Investigating | AP-WIFI-03 |
| ALR-00061 | 16h ago | Phishing Email Blocked | High | Investigating | WS-PC-006 |
| ALR-00081 | 18h ago | Ransomware Behaviour Detected | Low | Resolved | SRV-APP-01 |
| ALR-00117 | 1d ago | Suspicious Scheduled Task | Low | Open | WS-PC-006 |
| ALR-00154 | 1d ago | Brute Force SSH | Medium | False Positive | WS-PC-006 |