Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:54:00 UTC

Ransomware Behaviour Detected

Low Open
ALR-00427 · 2026-07-07T04:22:22Z

Description

File encryption behaviour detected on SRV-BACKUP-01. 142 files renamed with .locked extension in 30 seconds. Dark Web Monitor isolated endpoint.

Alert Metadata

Alert ID
ALR-00427
Timestamp
2026-07-07T04:22:22Z
Severity
Low
Status
Open
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
a.wilson
Source IP
91.95.195.240
Destination IP
10.2.98.79
Origin Country
CN China

MITRE ATT&CK Mapping

Tactic
Impact
Technique
T1486
Reference
attack.mitre.org/techniques/T1486

Investigation Timeline

04:22:22 Event ingested by SOC365 Engine
04:22:27 EmilyAI triage started — correlation enrichment
04:22:28 EmilyAI confidence: 84% — escalated to human analyst
04:22:50 Alert assigned to analyst: EmilyAI (auto)
04:24:20 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00176 10h ago Brute Force SSH Low Open SRV-BACKUP-01
ALR-00238 13h ago Privilege Escalation Attempt Informational Open SRV-BACKUP-01
ALR-00439 13h ago Credential Stuffing Attempt Low False Positive SRV-BACKUP-01
ALR-00360 1d ago Ransomware Behaviour Detected Low False Positive SRV-MAIL-01
ALR-00121 1d ago Ransomware Behaviour Detected Low Resolved WS-PC-006