Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:10:51 UTC

Ransomware behaviour alert on WS-LAP-011 — please investigate

TKT-0006 Urgent In Progress Incident Response
Created By: a.wilson
Created: 2026-05-12 12:23
Last Updated: 2026-05-13 16:26
Assigned Analyst: Marcus Webb
Category: Incident Response
Messages: 6

Conversation

a.wilson Customer
2026-05-12 12:23
We've noticed some concerning activity and would like the SOC team to investigate urgently.

Subject: Ransomware behaviour alert on WS-LAP-011 — please investigate

Please provide an initial assessment as soon as possible. Our IT team is standing by to assist with any containment actions needed.

Marcus Webb SOC Analyst
2026-05-12 14:44
Good news — our analysis confirms this is a true positive. We've implemented the containment measures and will send a full incident summary within 24 hours.

a.wilson Customer
2026-05-12 18:20
Thanks. Could you also check if any other accounts were affected?

Marcus Webb SOC Analyst
2026-05-12 20:10
The alert you referenced (ALR-00023) was generated by our DecoyPulse honeypot system. This has a zero false positive rate — the activity is genuine and warrants investigation.

a.wilson Customer
2026-05-12 23:56
The affected user has confirmed they changed their password. Can you verify MFA is active?

Marcus Webb SOC Analyst
2026-05-13 02:51
Thank you for raising this. I've reviewed the alert and can confirm we're investigating. I'll update you within the hour.
