Ransomware Behaviour Detected
Medium
Investigating
ALR-00225 · 2026-07-08T04:53:40Z
Description
File encryption behaviour detected on SRV-APP-01. 142 files renamed with .locked extension in 30 seconds. SOC365 Engine isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:53:40
Event ingested by SOC365 Engine
04:53:41
EmilyAI triage started — correlation enrichment
04:53:50
EmilyAI confidence: 82% — escalated to human analyst
04:54:25
Alert assigned to analyst: Sarah Chen
04:54:58
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00177 | 2h ago | Ransomware Behaviour Detected | Medium | Resolved | SRV-BACKUP-01 |
| ALR-00394 | 3h ago | Ransomware Behaviour Detected | Low | Open | SRV-SQL-01 |
| ALR-00127 | 5h ago | Ransomware Behaviour Detected | Low | False Positive | WS-MAC-005 |
| ALR-00033 | 11h ago | Ransomware Behaviour Detected | High | Investigating | SRV-DC-01 |
| ALR-00102 | 11h ago | Brute Force SSH | Low | False Positive | SRV-APP-01 |