DecoyPulse Honeypot Triggered
Low
Open
ALR-00010 · 2026-07-05T09:33:21Z
Description
DecoyPulse honeypot on SRV-BACKUP-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:33:21
Event ingested by SOC365 Engine
09:33:24
EmilyAI triage started — correlation enrichment
09:33:29
EmilyAI confidence: 91% — escalated to human analyst
09:34:06
Alert assigned to analyst: EmilyAI (auto)
09:35:09
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00059 | 24m ago | Kerberoasting Attempt | Informational | Investigating | SRV-BACKUP-01 |
| ALR-00472 | 9h ago | Ransomware Behaviour Detected | High | Investigating | SRV-BACKUP-01 |
| ALR-00261 | 10h ago | DecoyPulse Honeypot Triggered | Medium | Open | AP-WIFI-03 |
| ALR-00431 | 14h ago | Anomalous DNS Query | High | Open | SRV-BACKUP-01 |
| ALR-00112 | 14h ago | Port Scan Detected | Informational | Open | SRV-BACKUP-01 |