Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 17:24:54 UTC

DecoyPulse Honeypot Triggered

Low Open
ALR-00010 · 2026-07-05T09:33:21Z

Description

DecoyPulse honeypot on SRV-BACKUP-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID
ALR-00010
Timestamp
2026-07-05T09:33:21Z
Severity
Low
Status
Open
Detection Source
Network IDS
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
f.hall
Source IP
194.15.62.197
Destination IP
10.0.51.138
Origin Country
RO Romania

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1018
Reference
attack.mitre.org/techniques/T1018

Investigation Timeline

09:33:21 Event ingested by SOC365 Engine
09:33:24 EmilyAI triage started — correlation enrichment
09:33:29 EmilyAI confidence: 91% — escalated to human analyst
09:34:06 Alert assigned to analyst: EmilyAI (auto)
09:35:09 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00059 24m ago Kerberoasting Attempt Informational Investigating SRV-BACKUP-01
ALR-00472 9h ago Ransomware Behaviour Detected High Investigating SRV-BACKUP-01
ALR-00261 10h ago DecoyPulse Honeypot Triggered Medium Open AP-WIFI-03
ALR-00431 14h ago Anomalous DNS Query High Open SRV-BACKUP-01
ALR-00112 14h ago Port Scan Detected Informational Open SRV-BACKUP-01