Ransomware Behaviour Detected
Critical
Escalated
ALR-00287 · 2026-07-11T08:36:39Z
Description
File encryption behaviour detected on WS-LAP-010. 142 files renamed with .locked extension in 30 seconds. DLP Module isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
08:36:39
Event ingested by SOC365 Engine
08:36:44
EmilyAI triage started — correlation enrichment
08:36:46
EmilyAI confidence: 87% — escalated to human analyst
08:36:59
Alert assigned to analyst: Emma Richardson
08:39:20
Investigation started — querying SIEM and threat intelligence
08:40:43
Containment action taken — endpoint isolated
08:56:06
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00390 | 1h ago | Phishing Email Blocked | Low | Resolved | WS-LAP-010 |
| ALR-00213 | 2h ago | Ransomware Behaviour Detected | Informational | Investigating | FW-EDGE-01 |
| ALR-00103 | 3h ago | Suspicious PowerShell Execution | Medium | False Positive | WS-LAP-010 |
| ALR-00192 | 5h ago | Ransomware Behaviour Detected | Medium | Escalated | WS-PC-003 |
| ALR-00208 | 6h ago | Unusual Outbound Traffic | Medium | Escalated | WS-LAP-010 |