DecoyPulse Honeypot Triggered
Low
False Positive
ALR-00316 · 2026-07-08T21:05:32Z
Description
DecoyPulse honeypot on WS-MAC-005 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
21:05:32
Event ingested by SOC365 Engine
21:05:37
EmilyAI triage started — correlation enrichment
21:05:37
EmilyAI confidence: 93% — escalated to human analyst
21:05:52
Alert assigned to analyst: EmilyAI (auto)
21:07:14
Investigation started — querying SIEM and threat intelligence
21:11:11
Containment action taken — endpoint isolated
21:16:09
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00171 | 1h ago | Shadow IT Discovery | Medium | Investigating | WS-MAC-005 |
| ALR-00059 | 9h ago | Ransomware Behaviour Detected | Low | Investigating | WS-MAC-005 |
| ALR-00226 | 16h ago | Unauthorised USB Device | High | Open | WS-MAC-005 |
| ALR-00251 | 1d ago | DecoyPulse Honeypot Triggered | Informational | Investigating | WS-LAP-011 |
| ALR-00094 | 1d ago | Shadow IT Discovery | Medium | Open | WS-MAC-005 |