Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 15:24:42 UTC

DecoyPulse Honeypot Triggered

Low Resolved
ALR-00167 · 2026-04-09T23:26:43Z

Description

DecoyPulse honeypot on WS-LAP-011 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID
ALR-00167
Timestamp
2026-04-09T23:26:43Z
Severity
Low
Status
Resolved
Detection Source
Attack Surface Scanner
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-011
User Account
h.roberts
Source IP
91.105.195.38
Destination IP
10.3.118.84
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1018
Reference
attack.mitre.org/techniques/T1018

Investigation Timeline

23:26:43 Event ingested by SOC365 Engine
23:26:45 EmilyAI triage started — correlation enrichment
23:26:51 EmilyAI confidence: 93% — escalated to human analyst
23:27:17 Alert assigned to analyst: EmilyAI (auto)
23:28:27 Investigation started — querying SIEM and threat intelligence
23:30:26 Containment action taken — endpoint isolated
23:44:42 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00027 3h ago Unusual Outbound Traffic Medium False Positive WS-LAP-011
ALR-00487 5h ago DecoyPulse Honeypot Triggered Informational Resolved WS-PC-001
ALR-00448 9h ago C2 Beacon Activity Informational Open WS-LAP-011
ALR-00145 13h ago DecoyPulse Honeypot Triggered Critical Investigating SRV-MAIL-01
ALR-00462 16h ago Phishing Email Blocked Medium False Positive WS-LAP-011