Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:50:55 UTC

Ransomware Behaviour Detected

Informational · Open
ALR-00289 · 2026-04-07T05:55:53Z

Description

File encryption behaviour detected on WS-MAC-005. 142 files renamed with .locked extension in 30 seconds. Firewall isolated endpoint.

Alert Metadata

Alert ID: ALR-00289
Timestamp: 2026-04-07T05:55:53Z
Severity: Informational
Status: Open
Detection Source: Firewall
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-MAC-005
User Account: s.jones
Source IP: 45.90.148.178
Destination IP: 10.2.206.217
Origin Country: United Kingdom (GB)

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

05:55:53 Event ingested by SOC365 Engine
05:55:56 EmilyAI triage started — correlation enrichment
05:56:04 EmilyAI confidence: 90% — escalated to human analyst
05:56:29 Alert assigned to analyst: EmilyAI (auto)
05:57:58 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00087  3h ago   Failed MFA Challenge           Low            Resolved        WS-MAC-005
ALR-00256  4h ago   Pass-the-Hash Detected         Informational  False Positive  WS-MAC-005
ALR-00382  4h ago   Ransomware Behaviour Detected  Low            Open            WS-PC-004
ALR-00164  22h ago  Ransomware Behaviour Detected  Informational  False Positive  WS-LAP-010
ALR-00076  1d ago   Ransomware Behaviour Detected  Low            False Positive  AP-WIFI-03