DecoyPulse Honeypot Triggered
Informational
Open
ALR-00494 · 2026-07-07T09:14:33Z
Description
DecoyPulse honeypot on SRV-BACKUP-01 triggered by internal IP. Credentials for decoy admin account used. Zero false positive — investigating.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:14:33
Event ingested by SOC365 Engine
09:14:36
EmilyAI triage started — correlation enrichment
09:14:45
EmilyAI confidence: 97% — escalated to human analyst
09:14:58
Alert assigned to analyst: EmilyAI (auto)
09:15:29
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00217 | 1h ago | Tor Exit Node Connection | High | Investigating | SRV-BACKUP-01 |
| ALR-00188 | 5h ago | DecoyPulse Honeypot Triggered | High | Escalated | WS-LAP-010 |
| ALR-00051 | 7h ago | DecoyPulse Honeypot Triggered | Low | Resolved | WS-MAC-005 |
| ALR-00119 | 8h ago | DecoyPulse Honeypot Triggered | Informational | Resolved | VM-DEV-01 |
| ALR-00225 | 9h ago | DecoyPulse Honeypot Triggered | Informational | Escalated | VM-DEV-01 |