Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:02:36 UTC

DecoyPulse Honeypot Triggered

Informational · False Positive
ALR-00405 · 2026-05-23T03:43:25Z

Description

DecoyPulse honeypot on SRV-BACKUP-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.

Alert Metadata

Alert ID: ALR-00405
Timestamp: 2026-05-23T03:43:25Z
Severity: Informational
Status: False Positive
Detection Source: SOC365 Engine
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-BACKUP-01
User Account: r.davies
Source IP: 91.222.195.218
Destination IP: 10.1.215.97
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1018
Reference: attack.mitre.org/techniques/T1018

Investigation Timeline

03:43:25 Event ingested by SOC365 Engine
03:43:28 EmilyAI triage started — correlation enrichment
03:43:30 EmilyAI confidence: 90% — escalated to human analyst
03:44:08 Alert assigned to analyst: EmilyAI (auto)
03:45:33 Investigation started — querying SIEM and threat intelligence
03:48:05 Containment action taken — endpoint isolated
04:00:29 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00169 | 49m ago | DecoyPulse Honeypot Triggered | Medium | Open | WS-LAP-012
ALR-00086 | 1h ago | Ransomware Behaviour Detected | Informational | False Positive | SRV-BACKUP-01
ALR-00240 | 3h ago | DecoyPulse Honeypot Triggered | Low | Open | WS-PC-006
ALR-00128 | 3h ago | DecoyPulse Honeypot Triggered | Low | Resolved | WS-PC-006
ALR-00210 | 6h ago | Lateral Movement Detected | Low | Open | SRV-BACKUP-01