Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 20:14:07 UTC

Ransomware Behaviour Detected

Medium Open
ALR-00281 · 2026-05-26T13:15:05Z

Description

File encryption behaviour detected on WS-PC-003. 142 files renamed with .locked extension in 30 seconds. Attack Surface Scanner isolated endpoint.

Alert Metadata

Alert ID: ALR-00281
Timestamp: 2026-05-26T13:15:05Z
Severity: Medium
Status: Open
Detection Source: Attack Surface Scanner
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: WS-PC-003
User Account: h.roberts
Source IP: 45.195.148.130
Destination IP: 10.3.78.55
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

13:15:05 Event ingested by SOC365 Engine
13:15:08 EmilyAI triage started — correlation enrichment
13:15:20 EmilyAI confidence: 85% — escalated to human analyst
13:15:30 Alert assigned to analyst: Emma Richardson
13:17:18 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00247 | 1h ago | Unauthorised USB Device | Medium | Investigating | WS-PC-003
ALR-00110 | 2h ago | Credential Stuffing Attempt | Low | Open | WS-PC-003
ALR-00454 | 3h ago | Credential Stuffing Attempt | Low | Resolved | WS-PC-003
ALR-00156 | 12h ago | Ransomware Behaviour Detected | High | Open | FW-EDGE-01
ALR-00458 | 12h ago | Ransomware Behaviour Detected | Medium | Resolved | WS-PC-004