DecoyPulse Honeypot Triggered
Low
Open
ALR-00140 · 2026-07-10T08:00:29Z
Description
DecoyPulse honeypot on WS-PC-002 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
08:00:29
Event ingested by SOC365 Engine
08:00:31
EmilyAI triage started — correlation enrichment
08:00:35
EmilyAI confidence: 79% — escalated to human analyst
08:00:44
Alert assigned to analyst: EmilyAI (auto)
08:01:41
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00249 | 8h ago | Privilege Escalation Attempt | Medium | Resolved | WS-PC-002 |
| ALR-00181 | 11h ago | Credential Stuffing Attempt | Informational | Escalated | WS-PC-002 |
| ALR-00158 | 1d ago | DecoyPulse Honeypot Triggered | High | Investigating | SW-CORE-01 |
| ALR-00063 | 1d ago | DecoyPulse Honeypot Triggered | Low | Investigating | WS-PC-006 |
| ALR-00210 | 1d ago | DecoyPulse Honeypot Triggered | Medium | Resolved | WS-PC-004 |