Ransomware Behaviour Detected
Medium
Resolved
ALR-00230 · 2026-07-11T12:14:11Z
Description
File encryption behaviour detected on AP-WIFI-03. 142 files renamed with .locked extension in 30 seconds. EmilyAI Triage isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
12:14:11
Event ingested by SOC365 Engine
12:14:12
EmilyAI triage started — correlation enrichment
12:14:18
EmilyAI confidence: 86% — escalated to human analyst
12:14:40
Alert assigned to analyst: Anika Patel
12:16:49
Investigation started — querying SIEM and threat intelligence
12:22:47
Containment action taken — endpoint isolated
12:31:16
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00009 | 10h ago | Ransomware Behaviour Detected | Medium | Escalated | SW-CORE-01 |
| ALR-00182 | 12h ago | Ransomware Behaviour Detected | Low | Open | WS-LAP-010 |
| ALR-00103 | 13h ago | Privilege Escalation Attempt | Informational | Resolved | AP-WIFI-03 |
| ALR-00500 | 13h ago | Suspicious Scheduled Task | Medium | Investigating | AP-WIFI-03 |
| ALR-00144 | 1d ago | Ransomware Behaviour Detected | Low | Escalated | SRV-APP-01 |