DecoyPulse Honeypot Triggered
Critical
Investigating
ALR-00387 · 2026-07-06T00:31:37Z
Description
DecoyPulse honeypot on SRV-SQL-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:31:37
Event ingested by SOC365 Engine
00:31:39
EmilyAI triage started — correlation enrichment
00:31:43
EmilyAI confidence: 89% — escalated to human analyst
00:32:06
Alert assigned to analyst: Sarah Chen
00:32:23
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00302 | 6h ago | DecoyPulse Honeypot Triggered | Informational | Resolved | WS-LAP-010 |
| ALR-00103 | 10h ago | Phishing Email Blocked | Low | Escalated | SRV-SQL-01 |
| ALR-00309 | 16h ago | Shadow IT Discovery | Low | Open | SRV-SQL-01 |
| ALR-00053 | 16h ago | Tor Exit Node Connection | Medium | Escalated | SRV-SQL-01 |
| ALR-00403 | 22h ago | Phishing Email Blocked | Informational | Open | SRV-SQL-01 |