Ransomware Behaviour Detected
Low
Resolved
ALR-00085 · 2026-07-11T06:12:52Z
Description
File encryption behaviour detected on FW-EDGE-01. 142 files renamed with .locked extension in 30 seconds. Firewall isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
06:12:52
Event ingested by SOC365 Engine
06:12:53
EmilyAI triage started — correlation enrichment
06:13:05
EmilyAI confidence: 93% — escalated to human analyst
06:13:35
Alert assigned to analyst: EmilyAI (auto)
06:14:36
Investigation started — querying SIEM and threat intelligence
06:18:22
Containment action taken — endpoint isolated
06:27:42
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00333 | 5h ago | Ransomware Behaviour Detected | Medium | Open | WS-LAP-012 |
| ALR-00091 | 10h ago | Credential Stuffing Attempt | Low | Investigating | FW-EDGE-01 |
| ALR-00386 | 14h ago | Ransomware Behaviour Detected | Medium | Resolved | WS-PC-001 |
| ALR-00339 | 18h ago | Ransomware Behaviour Detected | Low | Escalated | AP-WIFI-03 |
| ALR-00018 | 18h ago | Ransomware Behaviour Detected | Critical | Open | SRV-MAIL-01 |