Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:50:00 UTC

DecoyPulse Honeypot Triggered

Severity: Low · Status: Open
ALR-00316 · 2026-04-11T14:14:11Z

Description

DecoyPulse honeypot on SRV-MAIL-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID: ALR-00316
Timestamp: 2026-04-11T14:14:11Z
Severity: Low
Status: Open
Detection Source: Email Gateway
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-MAIL-01
User Account: m.taylor
Source IP: 103.181.216.135
Destination IP: 10.2.104.15
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1018
Reference: attack.mitre.org/techniques/T1018

Investigation Timeline

14:14:11 Event ingested by SOC365 Engine
14:14:12 EmilyAI triage started — correlation enrichment
14:14:17 EmilyAI confidence: 86% — escalated to human analyst
14:14:34 Alert assigned to analyst: EmilyAI (auto)
14:15:12 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00454 | 8h ago | Suspicious PowerShell Execution | Informational | Escalated | SRV-MAIL-01
ALR-00216 | 14h ago | DecoyPulse Honeypot Triggered | Low | Investigating | WS-LAP-011
ALR-00280 | 19h ago | Anomalous DNS Query | Informational | False Positive | SRV-MAIL-01
ALR-00180 | 1d ago | Port Scan Detected | Medium | Resolved | SRV-MAIL-01
ALR-00372 | 1d ago | DecoyPulse Honeypot Triggered | Critical | Investigating | WS-PC-001