Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:24:13 UTC

Ransomware Behaviour Detected

Severity: High · Status: Escalated
ALR-00252 · 2026-04-09T17:25:30Z

Description

File encryption behaviour detected on SRV-SQL-01. 142 files renamed with .locked extension in 30 seconds. Attack Surface Scanner isolated endpoint.

Alert Metadata

Alert ID: ALR-00252
Timestamp: 2026-04-09T17:25:30Z
Severity: High
Status: Escalated
Detection Source: Attack Surface Scanner
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: SRV-SQL-01
User Account: n.clark
Source IP: 185.151.220.97
Destination IP: 10.1.145.90
Origin Country: Ukraine (UA)

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

17:25:30 Event ingested by SOC365 Engine
17:25:34 EmilyAI triage started — correlation enrichment
17:25:36 EmilyAI confidence: 79% — escalated to human analyst
17:26:10 Alert assigned to analyst: Emma Richardson
17:26:36 Investigation started — querying SIEM and threat intelligence
17:34:10 Containment action taken — endpoint isolated
17:41:35 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00085 | 1h ago | Ransomware Behaviour Detected | Low | Open | WS-MAC-005
ALR-00058 | 9h ago | Ransomware Behaviour Detected | High | Investigating | SRV-WEB-01
ALR-00299 | 10h ago | Ransomware Behaviour Detected | Low | Investigating | WS-PC-002
ALR-00440 | 13h ago | Anomalous DNS Query | Critical | Investigating | SRV-SQL-01
ALR-00277 | 22h ago | Rogue DHCP Server | Low | Investigating | SRV-SQL-01