DecoyPulse Honeypot Triggered
Low
Investigating
ALR-00429 · 2026-07-06T09:41:46Z
Description
DecoyPulse honeypot on SRV-FILE-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:41:46
Event ingested by SOC365 Engine
09:41:50
EmilyAI triage started — correlation enrichment
09:41:51
EmilyAI confidence: 94% — escalated to human analyst
09:42:23
Alert assigned to analyst: EmilyAI (auto)
09:44:15
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00012 | 2h ago | DecoyPulse Honeypot Triggered | Low | Escalated | WS-PC-003 |
| ALR-00371 | 5h ago | Credential Stuffing Attempt | Low | False Positive | SRV-FILE-01 |
| ALR-00467 | 14h ago | DecoyPulse Honeypot Triggered | Informational | Escalated | WS-PC-006 |
| ALR-00378 | 1d ago | Privilege Escalation Attempt | Informational | Escalated | SRV-FILE-01 |
| ALR-00382 | 1d ago | DecoyPulse Honeypot Triggered | Medium | Resolved | FW-EDGE-01 |