Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:36:38 UTC

DecoyPulse Honeypot Triggered

Medium False Positive
ALR-00324 · 2026-07-08T05:56:09Z

Description

DecoyPulse honeypot on FW-EDGE-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID
ALR-00324
Timestamp
2026-07-08T05:56:09Z
Severity
Medium
Status
False Positive
Detection Source
EmilyAI Triage
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
FW-EDGE-01
User Account
c.williams
Source IP
185.69.220.65
Destination IP
10.1.246.234
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1018
Reference
attack.mitre.org/techniques/T1018

Investigation Timeline

05:56:09 Event ingested by SOC365 Engine
05:56:14 EmilyAI triage started — correlation enrichment
05:56:22 EmilyAI confidence: 87% — escalated to human analyst
05:56:46 Alert assigned to analyst: James Okonkwo
05:58:47 Investigation started — querying SIEM and threat intelligence
06:01:16 Containment action taken — endpoint isolated
06:15:32 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00431 56m ago Port Scan Detected Informational Resolved FW-EDGE-01
ALR-00387 11h ago Ransomware Behaviour Detected Medium Escalated FW-EDGE-01
ALR-00137 12h ago DecoyPulse Honeypot Triggered Low Investigating WS-PC-006
ALR-00062 15h ago DecoyPulse Honeypot Triggered Informational Escalated SRV-SQL-01
ALR-00085 15h ago DecoyPulse Honeypot Triggered Medium Resolved WS-LAP-010