Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:55:45 UTC

Ransomware Behaviour Detected

Low Open
ALR-00165 · 2026-07-06T10:33:18Z

Description

File encryption behaviour detected on SRV-FILE-01. 142 files renamed with .locked extension in 30 seconds. EmilyAI Triage isolated endpoint.

Alert Metadata

Alert ID
ALR-00165
Timestamp
2026-07-06T10:33:18Z
Severity
Low
Status
Open
Detection Source
EmilyAI Triage
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-FILE-01
User Account
d.walker
Source IP
45.130.148.175
Destination IP
10.3.119.222
Origin Country
RO Romania

MITRE ATT&CK Mapping

Tactic
Impact
Technique
T1486
Reference
attack.mitre.org/techniques/T1486

Investigation Timeline

10:33:18 Event ingested by SOC365 Engine
10:33:19 EmilyAI triage started — correlation enrichment
10:33:23 EmilyAI confidence: 86% — escalated to human analyst
10:33:45 Alert assigned to analyst: EmilyAI (auto)
10:35:29 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00237 2h ago Ransomware Behaviour Detected Informational Resolved SRV-BACKUP-01
ALR-00086 3h ago Suspicious PowerShell Execution Informational Open SRV-FILE-01
ALR-00313 4h ago Failed MFA Challenge Informational Investigating SRV-FILE-01
ALR-00250 6h ago Suspicious PowerShell Execution Low Resolved SRV-FILE-01
ALR-00354 6h ago Insider Threat Indicator Informational Investigating SRV-FILE-01