Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

DecoyPulse Honeypot Triggered

Informational Resolved
ALR-00134 · 2026-04-10T10:29:07Z

Description

DecoyPulse honeypot on SW-CORE-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID: ALR-00134
Timestamp: 2026-04-10T10:29:07Z
Severity: Informational
Status: Resolved
Detection Source: Cloud Connector
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SW-CORE-01
User Account: system
Source IP: 45.218.148.53
Destination IP: 10.2.200.159
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1018
Reference: attack.mitre.org/techniques/T1018

Investigation Timeline

10:29:07 Event ingested by SOC365 Engine
10:29:09 EmilyAI triage started — correlation enrichment
10:29:12 EmilyAI confidence: 94% — escalated to human analyst
10:29:39 Alert assigned to analyst: EmilyAI (auto)
10:30:25 Investigation started — querying SIEM and threat intelligence
10:33:42 Containment action taken — endpoint isolated
10:46:28 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00237 | 7h ago | Unusual Outbound Traffic | Informational | False Positive | SW-CORE-01
ALR-00306 | 11h ago | Insider Threat Indicator | Low | Investigating | SW-CORE-01
ALR-00387 | 12h ago | C2 Beacon Activity | Medium | Investigating | SW-CORE-01
ALR-00216 | 14h ago | DecoyPulse Honeypot Triggered | Low | Investigating | WS-LAP-011
ALR-00477 | 19h ago | Malware Signature Match | Informational | Investigating | SW-CORE-01