DecoyPulse Honeypot Triggered
Medium
False Positive
ALR-00324 · 2026-07-08T05:56:09Z
Description
DecoyPulse honeypot on FW-EDGE-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
05:56:09
Event ingested by SOC365 Engine
05:56:14
EmilyAI triage started — correlation enrichment
05:56:22
EmilyAI confidence: 87% — escalated to human analyst
05:56:46
Alert assigned to analyst: James Okonkwo
05:58:47
Investigation started — querying SIEM and threat intelligence
06:01:16
Containment action taken — endpoint isolated
06:15:32
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00431 | 56m ago | Port Scan Detected | Informational | Resolved | FW-EDGE-01 |
| ALR-00387 | 11h ago | Ransomware Behaviour Detected | Medium | Escalated | FW-EDGE-01 |
| ALR-00137 | 12h ago | DecoyPulse Honeypot Triggered | Low | Investigating | WS-PC-006 |
| ALR-00062 | 15h ago | DecoyPulse Honeypot Triggered | Informational | Escalated | SRV-SQL-01 |
| ALR-00085 | 15h ago | DecoyPulse Honeypot Triggered | Medium | Resolved | WS-LAP-010 |