Rogue DHCP Server
High
Escalated
ALR-00047 · 2026-07-07T04:40:46Z
Description
Rogue DHCP server detected on VLAN 10 from SRV-BACKUP-01. Offering IPs in unexpected range. Email Gateway quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:40:46
Event ingested by SOC365 Engine
04:40:51
EmilyAI triage started — correlation enrichment
04:40:54
EmilyAI confidence: 84% — escalated to human analyst
04:41:18
Alert assigned to analyst: Sarah Chen
04:43:13
Investigation started — querying SIEM and threat intelligence
04:48:45
Containment action taken — endpoint isolated
04:59:14
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00046 | 2h ago | Rogue DHCP Server | Low | Resolved | WS-LAP-012 |
| ALR-00111 | 2h ago | Certificate Anomaly | Low | Resolved | SRV-BACKUP-01 |
| ALR-00468 | 4h ago | Rogue DHCP Server | Low | Investigating | SRV-WEB-01 |
| ALR-00112 | 8h ago | Failed MFA Challenge | Medium | Resolved | SRV-BACKUP-01 |
| ALR-00237 | 13h ago | Rogue DHCP Server | Medium | False Positive | WS-PC-002 |