Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 15:54:55 UTC

DecoyPulse Honeypot Triggered

Low Resolved
ALR-00038 · 2026-05-23T00:54:05Z

Description

DecoyPulse honeypot on SRV-WEB-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID
ALR-00038
Timestamp
2026-05-23T00:54:05Z
Severity
Low
Status
Resolved
Detection Source
Endpoint Agent
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-WEB-01
User Account
e.evans
Source IP
45.246.148.76
Destination IP
10.1.109.108
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1018
Reference
attack.mitre.org/techniques/T1018

Investigation Timeline

00:54:05 Event ingested by SOC365 Engine
00:54:08 EmilyAI triage started — correlation enrichment
00:54:11 EmilyAI confidence: 85% — escalated to human analyst
00:54:20 Alert assigned to analyst: EmilyAI (auto)
00:55:00 Investigation started — querying SIEM and threat intelligence
01:00:36 Containment action taken — endpoint isolated
01:10:54 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00395 8m ago DecoyPulse Honeypot Triggered Medium Escalated WS-PC-003
ALR-00011 7h ago Data Exfiltration Attempt High Escalated SRV-WEB-01
ALR-00406 10h ago Data Exfiltration Attempt Informational False Positive SRV-WEB-01
ALR-00324 1d ago Suspicious Scheduled Task Low Open SRV-WEB-01
ALR-00126 1d ago DecoyPulse Honeypot Triggered Informational False Positive SRV-DC-01