Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 19:07:50 UTC

Ransomware Behaviour Detected

High Open
ALR-00317 · 2026-05-22T10:54:04Z

Description

File encryption behaviour detected on WS-PC-003. 142 files renamed with .locked extension in 30 seconds. DecoyPulse isolated endpoint.

Alert Metadata

Alert ID: ALR-00317
Timestamp: 2026-05-22T10:54:04Z
Severity: High
Status: Open
Detection Source: DecoyPulse
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-PC-003
User Account: system
Source IP: 45.191.148.57
Destination IP: 10.3.167.97
Origin Country: Netherlands (NL)

MITRE ATT&CK Mapping

Tactic: Impact
Technique: T1486
Reference: attack.mitre.org/techniques/T1486

Investigation Timeline

10:54:04 Event ingested by SOC365 Engine
10:54:08 EmilyAI triage started — correlation enrichment
10:54:17 EmilyAI confidence: 88% — escalated to human analyst
10:54:40 Alert assigned to analyst: James Okonkwo
10:55:36 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00079 | 8h ago | Ransomware Behaviour Detected | Low | Escalated | WS-PC-004
ALR-00429 | 10h ago | Ransomware Behaviour Detected | Medium | False Positive | WS-LAP-011
ALR-00196 | 21h ago | Credential Stuffing Attempt | Medium | Resolved | WS-PC-003
ALR-00323 | 1d ago | Suspicious Scheduled Task | Medium | False Positive | WS-PC-003
ALR-00200 | 1d ago | Anomalous DNS Query | Informational | Escalated | WS-PC-003