Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

DecoyPulse Honeypot Triggered

Informational Open
ALR-00196 · 2026-04-08T10:42:39Z

Description

DecoyPulse honeypot on SRV-DC-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID: ALR-00196
Timestamp: 2026-04-08T10:42:39Z
Severity: Informational
Status: Open
Detection Source: Email Gateway
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-DC-01
User Account: s.jones
Source IP: 91.211.195.62
Destination IP: 10.1.115.237
Origin Country: Brazil (BR)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1018
Reference: attack.mitre.org/techniques/T1018

Investigation Timeline

10:42:39 Event ingested by SOC365 Engine
10:42:43 EmilyAI triage started — correlation enrichment
10:42:45 EmilyAI confidence: 92% — escalated to human analyst
10:43:00 Alert assigned to analyst: EmilyAI (auto)
10:45:38 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                          Severity       Status          Host
ALR-00293  5h ago   Anomalous DNS Query            Informational  Resolved        SRV-DC-01
ALR-00105  13h ago  Privilege Escalation Attempt   Low            False Positive  SRV-DC-01
ALR-00142  14h ago  Lateral Movement Detected      Low            Investigating   SRV-DC-01
ALR-00453  16h ago  DecoyPulse Honeypot Triggered  High           Escalated       SRV-FILE-01
ALR-00211  20h ago  DecoyPulse Honeypot Triggered  Informational  False Positive  WS-PC-001