Rogue DHCP Server
Low
Resolved
ALR-00038 · 2026-07-05T20:55:05Z
Description
Rogue DHCP server detected on VLAN 10 from WS-PC-001. Offering IPs in unexpected range. Endpoint Agent quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
20:55:05
Event ingested by SOC365 Engine
20:55:09
EmilyAI triage started — correlation enrichment
20:55:19
EmilyAI confidence: 84% — escalated to human analyst
20:55:36
Alert assigned to analyst: EmilyAI (auto)
20:56:12
Investigation started — querying SIEM and threat intelligence
21:04:34
Containment action taken — endpoint isolated
21:06:19
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00184 | 4h ago | Rogue DHCP Server | High | Investigating | WS-LAP-010 |
| ALR-00115 | 11h ago | Failed MFA Challenge | Low | Resolved | WS-PC-001 |
| ALR-00278 | 13h ago | Rogue DHCP Server | High | Escalated | WS-LAP-010 |
| ALR-00121 | 1d ago | Malware Signature Match | Low | Escalated | WS-PC-001 |
| ALR-00007 | 1d ago | Rogue DHCP Server | Low | Resolved | SRV-BACKUP-01 |