Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 15:20:19 UTC

DecoyPulse Honeypot Triggered

Low Open
ALR-00352 · 2026-04-11T03:20:31Z

Description

DecoyPulse honeypot on FW-EDGE-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID
ALR-00352
Timestamp
2026-04-11T03:20:31Z
Severity
Low
Status
Open
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
FW-EDGE-01
User Account
h.roberts
Source IP
45.79.148.109
Destination IP
10.3.19.184
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1018
Reference
attack.mitre.org/techniques/T1018

Investigation Timeline

03:20:31 Event ingested by SOC365 Engine
03:20:36 EmilyAI triage started — correlation enrichment
03:20:44 EmilyAI confidence: 93% — escalated to human analyst
03:20:59 Alert assigned to analyst: EmilyAI (auto)
03:22:19 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00480 4h ago Credential Stuffing Attempt Medium Investigating FW-EDGE-01
ALR-00246 9h ago DLP Policy Violation Low Investigating FW-EDGE-01
ALR-00413 14h ago Shadow IT Discovery Medium False Positive FW-EDGE-01
ALR-00453 16h ago DecoyPulse Honeypot Triggered High Escalated SRV-FILE-01
ALR-00365 19h ago Certificate Anomaly Medium Resolved FW-EDGE-01