Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:40:12 UTC

Ransomware behaviour alert on WS-LAP-011 — please investigate

TKT-0006 Urgent In Progress Incident Response
Created By
r.davies
Created
2026-06-20 10:18
Last Updated
2026-06-21 05:26
Assigned Analyst
Anika Patel
Category
Incident Response
Messages
9

Conversation

r.davies Customer
2026-06-20 10:18
We've noticed some concerning activity and would like the SOC team to investigate urgently.

Subject: Ransomware behaviour alert on WS-LAP-011 — please investigate

Please provide an initial assessment as soon as possible. Our IT team is standing by to assist with any containment actions needed.
Anika Patel SOC Analyst
2026-06-20 12:09
The alert you referenced (ALR-00023) was generated by our DecoyPulse honeypot system. This has zero false positive rate — the activity is genuine and warrants investigation.
r.davies Customer
2026-06-20 13:35
Thanks for the quick response. Can you send me the full timeline when it's ready?
Anika Patel SOC Analyst
2026-06-20 15:34
Thank you for raising this. I've reviewed the alert and can confirm we're investigating. I'll update you within the hour.
r.davies Customer
2026-06-20 16:05
The affected user has confirmed they changed their password. Can you verify MFA is active?
Anika Patel SOC Analyst
2026-06-20 19:20
Good news — our analysis confirms this is a true positive. We've implemented the containment measures and will send a full incident summary within 24 hours.
r.davies Customer
2026-06-20 20:09
We've applied the patch on our end. Can you run a verification scan?
Anika Patel SOC Analyst
2026-06-20 21:21
I've checked the logs for the time period you mentioned. The activity was flagged by our EmilyAI triage system and has been escalated for manual review.
r.davies Customer
2026-06-20 22:11
Thanks for the quick response. Can you send me the full timeline when it's ready?

Reply