Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd · Live 15:21:32 UTC

Ransomware Behaviour Detected
Severity: Medium · Status: Escalated
ALR-00243 · 2026-04-08T01:27:39Z

Description

File encryption behaviour detected on SW-CORE-01. 142 files renamed with .locked extension in 30 seconds. Firewall isolated endpoint.

Alert Metadata

Alert ID: ALR-00243
Timestamp: 2026-04-08T01:27:39Z
Severity: Medium
Status: Escalated
Detection Source: Firewall
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SW-CORE-01
User Account: c.williams
Source IP: 103.245.216.43
Destination IP: 10.0.65.225
Origin Country: RU (Russia)

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

01:27:39 Event ingested by SOC365 Engine
01:27:44 EmilyAI triage started — correlation enrichment
01:27:46 EmilyAI confidence: 92% — escalated to human analyst
01:27:54 Alert assigned to analyst: Anika Patel
01:30:24 Investigation started — querying SIEM and threat intelligence
01:31:38 Containment action taken — endpoint isolated
01:40:02 Alert resolved — remediation complete

Related Alerts

ID          Time     Alert                       Severity       Status         Host
ALR-00263   4h ago   Pass-the-Hash Detected      High           Investigating  SW-CORE-01
ALR-00055   5h ago   Malware Signature Match     Medium         Open           SW-CORE-01
ALR-00238   8h ago   Unusual Outbound Traffic    Informational  Open           SW-CORE-01
ALR-00202   11h ago  Lateral Movement Detected   Low            Resolved       SW-CORE-01
ALR-00010   16h ago  Phishing Email Blocked      Low            Investigating  SW-CORE-01