Ransomware Behaviour Detected
Informational
Resolved
ALR-00304 · 2026-07-10T04:46:47Z
Description
File encryption behaviour detected on AP-WIFI-03. 142 files renamed with .locked extension in 30 seconds. Dark Web Monitor isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:46:47
Event ingested by SOC365 Engine
04:46:50
EmilyAI triage started — correlation enrichment
04:46:52
EmilyAI confidence: 82% — escalated to human analyst
04:47:11
Alert assigned to analyst: EmilyAI (auto)
04:48:58
Investigation started — querying SIEM and threat intelligence
04:51:40
Containment action taken — endpoint isolated
05:06:02
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00438 | 10h ago | Ransomware Behaviour Detected | Low | Open | AP-WIFI-03 |
| ALR-00419 | 11h ago | Ransomware Behaviour Detected | Informational | Escalated | SRV-BACKUP-01 |
| ALR-00158 | 18h ago | Malware Signature Match | Low | Investigating | AP-WIFI-03 |
| ALR-00307 | 19h ago | Insider Threat Indicator | Low | Open | AP-WIFI-03 |
| ALR-00075 | 19h ago | Pass-the-Hash Detected | Low | Investigating | AP-WIFI-03 |