Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:09:15 UTC

DecoyPulse Honeypot Triggered

Severity: Medium · Status: Resolved
ALR-00245 · 2026-05-27T13:30:14Z

Description

DecoyPulse honeypot on SRV-APP-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID: ALR-00245
Timestamp: 2026-05-27T13:30:14Z
Severity: Medium
Status: Resolved
Detection Source: DecoyPulse
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-APP-01
User Account: a.wilson
Source IP: 103.106.216.45
Destination IP: 10.1.249.215
Origin Country: Russia (RU)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1018
Reference: attack.mitre.org/techniques/T1018

Investigation Timeline

13:30:14 Event ingested by SOC365 Engine
13:30:18 EmilyAI triage started — correlation enrichment
13:30:24 EmilyAI confidence: 89% — escalated to human analyst
13:30:46 Alert assigned to analyst: Marcus Webb
13:31:57 Investigation started — querying SIEM and threat intelligence
13:36:19 Containment action taken — endpoint isolated
13:49:23 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00390 | 1h ago | DecoyPulse Honeypot Triggered | Medium | Open | WS-PC-006
ALR-00151 | 3h ago | DecoyPulse Honeypot Triggered | Low | Resolved | AP-WIFI-03
ALR-00440 | 8h ago | Failed MFA Challenge | Medium | Escalated | SRV-APP-01
ALR-00221 | 12h ago | Certificate Anomaly | Medium | Open | SRV-APP-01
ALR-00409 | 15h ago | DecoyPulse Honeypot Triggered | Medium | Investigating | WS-MAC-005