Ransomware Behaviour Detected
Informational
Open
ALR-00109 · 2026-05-27T00:28:03Z
Description
File encryption behaviour detected on SRV-FILE-01. 142 files renamed with .locked extension in 30 seconds. Endpoint Agent isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:28:03
Event ingested by SOC365 Engine
00:28:07
EmilyAI triage started — correlation enrichment
00:28:08
EmilyAI confidence: 94% — escalated to human analyst
00:28:18
Alert assigned to analyst: EmilyAI (auto)
00:30:04
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00076 | 13h ago | Ransomware Behaviour Detected | Medium | Investigating | WS-MAC-005 |
| ALR-00270 | 14h ago | Ransomware Behaviour Detected | Low | Resolved | WS-LAP-010 |
| ALR-00340 | 14h ago | Ransomware Behaviour Detected | Informational | Open | WS-PC-002 |
| ALR-00165 | 14h ago | Ransomware Behaviour Detected | High | Investigating | WS-PC-001 |
| ALR-00021 | 18h ago | Ransomware Behaviour Detected | Low | Open | WS-PC-002 |