Ransomware Behaviour Detected
Low
Open
ALR-00121 · 2026-07-07T23:47:56Z
Description
File encryption behaviour detected on WS-PC-004. 142 files renamed with .locked extension in 30 seconds. DLP Module isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:47:56
Event ingested by SOC365 Engine
23:47:57
EmilyAI triage started — correlation enrichment
23:48:09
EmilyAI confidence: 98% — escalated to human analyst
23:48:26
Alert assigned to analyst: EmilyAI (auto)
23:49:26
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00091 | 56m ago | Ransomware Behaviour Detected | Low | False Positive | VM-DEV-01 |
| ALR-00260 | 3h ago | Ransomware Behaviour Detected | Informational | Escalated | WS-PC-004 |
| ALR-00010 | 8h ago | Failed MFA Challenge | Informational | Open | WS-PC-004 |
| ALR-00011 | 12h ago | Ransomware Behaviour Detected | Medium | Resolved | SRV-SQL-01 |
| ALR-00214 | 12h ago | Ransomware Behaviour Detected | Medium | Escalated | VM-DEV-01 |