Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:53:35 UTC

DecoyPulse Honeypot Triggered

Informational False Positive
ALR-00082 · 2026-04-05T18:58:32Z

Description

DecoyPulse honeypot on AP-WIFI-03 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID: ALR-00082
Timestamp: 2026-04-05T18:58:32Z
Severity: Informational
Status: False Positive
Detection Source: SOC365 Engine
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: AP-WIFI-03
User Account: m.taylor
Source IP: 185.185.220.139
Destination IP: 10.1.23.59
Origin Country: DE Germany

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1018
Reference: attack.mitre.org/techniques/T1018

Investigation Timeline

18:58:32 Event ingested by SOC365 Engine
18:58:34 EmilyAI triage started — correlation enrichment
18:58:39 EmilyAI confidence: 84% — escalated to human analyst
18:59:02 Alert assigned to analyst: EmilyAI (auto)
18:59:32 Investigation started — querying SIEM and threat intelligence
19:06:16 Containment action taken — endpoint isolated
19:14:41 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00252 | 14m ago | DecoyPulse Honeypot Triggered | Informational | False Positive | SW-CORE-01
ALR-00054 | 7h ago | DecoyPulse Honeypot Triggered | Medium | Open | AP-WIFI-03
ALR-00403 | 11h ago | Port Scan Detected | Medium | Resolved | AP-WIFI-03
ALR-00060 | 15h ago | Pass-the-Hash Detected | Informational | False Positive | AP-WIFI-03
ALR-00135 | 16h ago | DecoyPulse Honeypot Triggered | Medium | Investigating | SRV-SQL-01