Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:50:00 UTC

DecoyPulse Honeypot Triggered

High Investigating
ALR-00403 · 2026-07-05T12:56:32Z

Description

DecoyPulse honeypot on WS-PC-002 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID
ALR-00403
Timestamp
2026-07-05T12:56:32Z
Severity
High
Status
Investigating
Detection Source
DLP Module
Assigned Analyst
James Okonkwo

Endpoint Information

Hostname
WS-PC-002
User Account
c.williams
Source IP
185.136.220.237
Destination IP
10.1.225.156
Origin Country
VN Vietnam

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1018
Reference
attack.mitre.org/techniques/T1018

Investigation Timeline

12:56:32 Event ingested by SOC365 Engine
12:56:33 EmilyAI triage started — correlation enrichment
12:56:46 EmilyAI confidence: 94% — escalated to human analyst
12:56:53 Alert assigned to analyst: James Okonkwo
12:58:33 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00371 1h ago Pass-the-Hash Detected Informational Investigating WS-PC-002
ALR-00054 10h ago Kerberoasting Attempt Critical Escalated WS-PC-002
ALR-00386 13h ago Unusual Outbound Traffic Medium Investigating WS-PC-002
ALR-00345 22h ago Port Scan Detected High Investigating WS-PC-002
ALR-00309 23h ago Insider Threat Indicator Low Open WS-PC-002