Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:26:11 UTC

Ransomware Behaviour Detected

Medium Investigating
ALR-00101 · 2026-04-06T16:29:17Z

Description

File encryption behaviour detected on WS-PC-002. 142 files renamed with .locked extension in 30 seconds. Attack Surface Scanner isolated endpoint.

Alert Metadata

Alert ID: ALR-00101
Timestamp: 2026-04-06T16:29:17Z
Severity: Medium
Status: Investigating
Detection Source: Attack Surface Scanner
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-PC-002
User Account: n.clark
Source IP: 91.253.195.187
Destination IP: 10.3.190.176
Origin Country: China (CN)

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

16:29:17 Event ingested by SOC365 Engine
16:29:18 EmilyAI triage started — correlation enrichment
16:29:30 EmilyAI confidence: 80% — escalated to human analyst
16:30:00 Alert assigned to analyst: James Okonkwo
16:31:13 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00407 | 31m ago | Certificate Anomaly | Low | Open | WS-PC-002
ALR-00325 | 7h ago | Data Exfiltration Attempt | Medium | Investigating | WS-PC-002
ALR-00255 | 9h ago | Kerberoasting Attempt | Low | Escalated | WS-PC-002
ALR-00438 | 12h ago | Brute Force SSH | Low | Escalated | WS-PC-002
ALR-00387 | 12h ago | Ransomware Behaviour Detected | Low | Investigating | WS-PC-001