Ransomware Behaviour Detected
Critical
Investigating
ALR-00061 · 2026-07-07T01:24:24Z
Description
File encryption behaviour detected on SRV-DC-01. 142 files renamed with .locked extension in 30 seconds. SOC365 Engine isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
01:24:24
Event ingested by SOC365 Engine
01:24:29
EmilyAI triage started — correlation enrichment
01:24:32
EmilyAI confidence: 80% — escalated to human analyst
01:24:59
Alert assigned to analyst: James Okonkwo
01:26:54
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00469 | 2h ago | Ransomware Behaviour Detected | Informational | Open | WS-LAP-012 |
| ALR-00188 | 8h ago | Ransomware Behaviour Detected | Medium | Escalated | FW-EDGE-01 |
| ALR-00277 | 9h ago | Phishing Email Blocked | Medium | Resolved | SRV-DC-01 |
| ALR-00112 | 16h ago | Ransomware Behaviour Detected | Medium | Escalated | SRV-FILE-01 |
| ALR-00369 | 16h ago | Ransomware Behaviour Detected | High | Investigating | SRV-FILE-01 |