Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:54:00 UTC

Ransomware Behaviour Detected

Severity: Low · Status: Open
ALR-00098 · 2026-04-10T04:31:53Z

Description

File encryption behaviour detected on WS-PC-002. 142 files renamed with .locked extension in 30 seconds. Endpoint Agent isolated endpoint.

Alert Metadata

Alert ID: ALR-00098
Timestamp: 2026-04-10T04:31:53Z
Severity: Low
Status: Open
Detection Source: Endpoint Agent
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-002
User Account: f.hall
Source IP: 194.202.62.26
Destination IP: 10.2.99.57
Origin Country: United States (US)

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

04:31:53 Event ingested by SOC365 Engine
04:31:55 EmilyAI triage started — correlation enrichment
04:32:03 EmilyAI confidence: 79% — escalated to human analyst
04:32:37 Alert assigned to analyst: EmilyAI (auto)
04:33:03 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00254 | 2h ago | Ransomware Behaviour Detected | Medium | False Positive | SRV-FILE-01
ALR-00007 | 16h ago | Ransomware Behaviour Detected | Low | Escalated | AP-WIFI-03
ALR-00279 | 1d ago | Ransomware Behaviour Detected | Medium | Escalated | WS-PC-003
ALR-00252 | 1d ago | Port Scan Detected | Informational | Escalated | WS-PC-002
ALR-00101 | 1d ago | Malware Signature Match | Medium | False Positive | WS-PC-002