DecoyPulse Honeypot Triggered
Critical
Escalated
ALR-00282 · 2026-07-11T03:36:55Z
Description
DecoyPulse honeypot on SRV-APP-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
03:36:55
Event ingested by SOC365 Engine
03:36:59
EmilyAI triage started — correlation enrichment
03:37:00
EmilyAI confidence: 78% — escalated to human analyst
03:37:16
Alert assigned to analyst: James Okonkwo
03:37:53
Investigation started — querying SIEM and threat intelligence
03:46:50
Containment action taken — endpoint isolated
03:52:16
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00130 | 9h ago | Suspicious Scheduled Task | Low | Investigating | SRV-APP-01 |
| ALR-00096 | 10h ago | Failed MFA Challenge | Low | Escalated | SRV-APP-01 |
| ALR-00053 | 12h ago | DecoyPulse Honeypot Triggered | Informational | Escalated | WS-PC-006 |
| ALR-00226 | 18h ago | DecoyPulse Honeypot Triggered | Low | Escalated | WS-PC-002 |
| ALR-00109 | 23h ago | DecoyPulse Honeypot Triggered | Low | Escalated | VM-DEV-01 |