Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Ransomware Behaviour Detected

Medium Resolved
ALR-00086 · 2026-05-21T22:17:00Z

Description

File encryption behaviour detected on SRV-FILE-01. 142 files renamed with .locked extension in 30 seconds. Cloud Connector isolated endpoint.

Alert Metadata

Alert ID: ALR-00086
Timestamp: 2026-05-21T22:17:00Z
Severity: Medium
Status: Resolved
Detection Source: Cloud Connector
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: SRV-FILE-01
User Account: m.taylor
Source IP: 91.159.195.198
Destination IP: 10.1.177.237
Origin Country: India (IN)

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

22:17:00 Event ingested by SOC365 Engine
22:17:04 EmilyAI triage started — correlation enrichment
22:17:13 EmilyAI confidence: 96% — escalated to human analyst
22:17:17 Alert assigned to analyst: James Okonkwo
22:18:51 Investigation started — querying SIEM and threat intelligence
22:21:16 Containment action taken — endpoint isolated
22:29:05 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00421 | 57m ago | Failed MFA Challenge | Medium | Investigating | SRV-FILE-01
ALR-00463 | 2h ago | Ransomware Behaviour Detected | Informational | Investigating | SRV-FILE-01
ALR-00042 | 3h ago | Ransomware Behaviour Detected | Informational | Escalated | SRV-MAIL-01
ALR-00124 | 4h ago | Ransomware Behaviour Detected | Low | Investigating | WS-MAC-005
ALR-00079 | 8h ago | Ransomware Behaviour Detected | Medium | Investigating | WS-PC-006