Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:50:52 UTC

DecoyPulse Honeypot Triggered

Low False Positive
ALR-00316 · 2026-07-08T21:05:32Z

Description

DecoyPulse honeypot on WS-MAC-005 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID
ALR-00316
Timestamp
2026-07-08T21:05:32Z
Severity
Low
Status
False Positive
Detection Source
Email Gateway
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-MAC-005
User Account
s.jones
Source IP
103.232.216.63
Destination IP
10.1.17.145
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1018
Reference
attack.mitre.org/techniques/T1018

Investigation Timeline

21:05:32 Event ingested by SOC365 Engine
21:05:37 EmilyAI triage started — correlation enrichment
21:05:37 EmilyAI confidence: 93% — escalated to human analyst
21:05:52 Alert assigned to analyst: EmilyAI (auto)
21:07:14 Investigation started — querying SIEM and threat intelligence
21:11:11 Containment action taken — endpoint isolated
21:16:09 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00171 1h ago Shadow IT Discovery Medium Investigating WS-MAC-005
ALR-00059 9h ago Ransomware Behaviour Detected Low Investigating WS-MAC-005
ALR-00226 16h ago Unauthorised USB Device High Open WS-MAC-005
ALR-00251 1d ago DecoyPulse Honeypot Triggered Informational Investigating WS-LAP-011
ALR-00094 1d ago Shadow IT Discovery Medium Open WS-MAC-005