Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 15:53:52 UTC

DecoyPulse Honeypot Triggered

Low Investigating
ALR-00032 · 2026-05-21T22:48:20Z

Description

DecoyPulse honeypot on WS-PC-003 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID
ALR-00032
Timestamp
2026-05-21T22:48:20Z
Severity
Low
Status
Investigating
Detection Source
Endpoint Agent
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-PC-003
User Account
n.clark
Source IP
103.245.216.249
Destination IP
10.1.110.205
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1018
Reference
attack.mitre.org/techniques/T1018

Investigation Timeline

22:48:20 Event ingested by SOC365 Engine
22:48:21 EmilyAI triage started — correlation enrichment
22:48:30 EmilyAI confidence: 84% — escalated to human analyst
22:48:45 Alert assigned to analyst: EmilyAI (auto)
22:50:23 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00323 4h ago DecoyPulse Honeypot Triggered Medium Escalated WS-LAP-011
ALR-00231 11h ago Port Scan Detected Low Escalated WS-PC-003
ALR-00408 19h ago Ransomware Behaviour Detected Informational Investigating WS-PC-003
ALR-00380 21h ago Shadow IT Discovery Low Resolved WS-PC-003
ALR-00216 22h ago DecoyPulse Honeypot Triggered Medium Resolved WS-LAP-012