DecoyPulse Honeypot Triggered
High
Investigating
ALR-00403 · 2026-07-05T12:56:32Z
Description
DecoyPulse honeypot on WS-PC-002 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
12:56:32
Event ingested by SOC365 Engine
12:56:33
EmilyAI triage started — correlation enrichment
12:56:46
EmilyAI confidence: 94% — escalated to human analyst
12:56:53
Alert assigned to analyst: James Okonkwo
12:58:33
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00371 | 1h ago | Pass-the-Hash Detected | Informational | Investigating | WS-PC-002 |
| ALR-00054 | 10h ago | Kerberoasting Attempt | Critical | Escalated | WS-PC-002 |
| ALR-00386 | 13h ago | Unusual Outbound Traffic | Medium | Investigating | WS-PC-002 |
| ALR-00345 | 22h ago | Port Scan Detected | High | Investigating | WS-PC-002 |
| ALR-00309 | 23h ago | Insider Threat Indicator | Low | Open | WS-PC-002 |