Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:39:48 UTC

Ransomware Behaviour Detected

Critical Escalated
ALR-00287 · 2026-07-11T08:36:39Z

Description

File encryption behaviour detected on WS-LAP-010. 142 files renamed with .locked extension in 30 seconds. DLP Module isolated endpoint.

Alert Metadata

Alert ID
ALR-00287
Timestamp
2026-07-11T08:36:39Z
Severity
Critical
Status
Escalated
Detection Source
DLP Module
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
WS-LAP-010
User Account
l.johnson
Source IP
45.34.148.224
Destination IP
10.0.197.142
Origin Country
GB United Kingdom

MITRE ATT&CK Mapping

Tactic
Impact
Technique
T1486
Reference
attack.mitre.org/techniques/T1486

Investigation Timeline

08:36:39 Event ingested by SOC365 Engine
08:36:44 EmilyAI triage started — correlation enrichment
08:36:46 EmilyAI confidence: 87% — escalated to human analyst
08:36:59 Alert assigned to analyst: Emma Richardson
08:39:20 Investigation started — querying SIEM and threat intelligence
08:40:43 Containment action taken — endpoint isolated
08:56:06 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00390 1h ago Phishing Email Blocked Low Resolved WS-LAP-010
ALR-00213 2h ago Ransomware Behaviour Detected Informational Investigating FW-EDGE-01
ALR-00103 3h ago Suspicious PowerShell Execution Medium False Positive WS-LAP-010
ALR-00192 5h ago Ransomware Behaviour Detected Medium Escalated WS-PC-003
ALR-00208 6h ago Unusual Outbound Traffic Medium Escalated WS-LAP-010