Ransomware Behaviour Detected
Critical
Open
ALR-00357 · 2026-07-09T21:24:35Z
Description
File encryption behaviour detected on WS-PC-002. 142 files renamed with .locked extension in 30 seconds. Firewall isolated endpoint.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
21:24:35
Event ingested by SOC365 Engine
21:24:40
EmilyAI triage started — correlation enrichment
21:24:45
EmilyAI confidence: 84% — escalated to human analyst
21:25:10
Alert assigned to analyst: James Okonkwo
21:27:12
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00002 | 1h ago | Data Exfiltration Attempt | Informational | Resolved | WS-PC-002 |
| ALR-00090 | 2h ago | Credential Stuffing Attempt | Informational | Escalated | WS-PC-002 |
| ALR-00284 | 3h ago | Shadow IT Discovery | High | Escalated | WS-PC-002 |
| ALR-00242 | 14h ago | Ransomware Behaviour Detected | Low | Investigating | SRV-FILE-01 |
| ALR-00340 | 16h ago | Insider Threat Indicator | Medium | Open | WS-PC-002 |