Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:41:31 UTC

Rogue DHCP Server

High Escalated
ALR-00047 · 2026-07-07T04:40:46Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-BACKUP-01. Offering IPs in unexpected range. Email Gateway quarantined the device.

Alert Metadata

Alert ID
ALR-00047
Timestamp
2026-07-07T04:40:46Z
Severity
High
Status
Escalated
Detection Source
Email Gateway
Assigned Analyst
Sarah Chen

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
l.johnson
Source IP
194.123.62.231
Destination IP
10.2.206.118
Origin Country
CN China

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

04:40:46 Event ingested by SOC365 Engine
04:40:51 EmilyAI triage started — correlation enrichment
04:40:54 EmilyAI confidence: 84% — escalated to human analyst
04:41:18 Alert assigned to analyst: Sarah Chen
04:43:13 Investigation started — querying SIEM and threat intelligence
04:48:45 Containment action taken — endpoint isolated
04:59:14 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00046 2h ago Rogue DHCP Server Low Resolved WS-LAP-012
ALR-00111 2h ago Certificate Anomaly Low Resolved SRV-BACKUP-01
ALR-00468 4h ago Rogue DHCP Server Low Investigating SRV-WEB-01
ALR-00112 8h ago Failed MFA Challenge Medium Resolved SRV-BACKUP-01
ALR-00237 13h ago Rogue DHCP Server Medium False Positive WS-PC-002