Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:20:13 UTC

Ransomware Behaviour Detected

Medium False Positive
ALR-00264 · 2026-04-07T09:23:07Z

Description

File encryption behaviour detected on WS-LAP-012. 142 files renamed with .locked extension in 30 seconds. Email Gateway isolated endpoint.

Alert Metadata

Alert ID: ALR-00264
Timestamp: 2026-04-07T09:23:07Z
Severity: Medium
Status: False Positive
Detection Source: Email Gateway
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: WS-LAP-012
User Account: e.evans
Source IP: 45.223.148.178
Destination IP: 10.3.131.9
Origin Country: Netherlands (NL)

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

09:23:07 Event ingested by SOC365 Engine
09:23:12 EmilyAI triage started — correlation enrichment
09:23:17 EmilyAI confidence: 85% — escalated to human analyst
09:23:30 Alert assigned to analyst: Marcus Webb
09:23:57 Investigation started — querying SIEM and threat intelligence
09:27:12 Containment action taken — endpoint isolated
09:35:11 Alert resolved — remediation complete

Related Alerts

| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00470 | 49m ago | Ransomware Behaviour Detected | Low | Open | WS-PC-001 |
| ALR-00144 | 2h ago | Ransomware Behaviour Detected | Medium | Investigating | WS-LAP-011 |
| ALR-00258 | 3h ago | Ransomware Behaviour Detected | Informational | Open | WS-LAP-010 |
| ALR-00368 | 3h ago | Shadow IT Discovery | Low | Resolved | WS-LAP-012 |
| ALR-00023 | 4h ago | Pass-the-Hash Detected | Low | Escalated | WS-LAP-012 |