DecoyPulse Honeypot Triggered
Medium
Open
ALR-00166 · 2026-07-10T13:24:50Z
Description
DecoyPulse honeypot on SRV-FILE-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
13:24:50
Event ingested by SOC365 Engine
13:24:53
EmilyAI triage started — correlation enrichment
13:24:57
EmilyAI confidence: 96% — escalated to human analyst
13:25:28
Alert assigned to analyst: James Okonkwo
13:26:43
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00313 | 6h ago | DecoyPulse Honeypot Triggered | Low | Investigating | AP-WIFI-03 |
| ALR-00107 | 8h ago | DecoyPulse Honeypot Triggered | Medium | Resolved | WS-PC-004 |
| ALR-00466 | 11h ago | Malware Signature Match | Low | Investigating | SRV-FILE-01 |
| ALR-00060 | 17h ago | DecoyPulse Honeypot Triggered | Informational | Escalated | SRV-SQL-01 |
| ALR-00437 | 21h ago | DecoyPulse Honeypot Triggered | Low | Escalated | WS-LAP-010 |