Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 13:57:21 UTC

Rogue DHCP Server

Informational · Investigating
ALR-00060 · 2026-04-08T21:55:49Z

Description

Rogue DHCP server detected on VLAN 10 from AP-WIFI-03. Offering IPs in unexpected range. Dark Web Monitor quarantined the device.

Alert Metadata

Alert ID: ALR-00060
Timestamp: 2026-04-08T21:55:49Z
Severity: Informational
Status: Investigating
Detection Source: Dark Web Monitor
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: AP-WIFI-03
User Account: a.wilson
Source IP: 185.82.220.83
Destination IP: 10.2.112.88
Origin Country: VN Vietnam

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

21:55:49 Event ingested by SOC365 Engine
21:55:51 EmilyAI triage started — correlation enrichment
21:55:55 EmilyAI confidence: 94% — escalated to human analyst
21:56:14 Alert assigned to analyst: EmilyAI (auto)
21:58:05 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                      Severity       Status          Host
ALR-00377  6h ago   Suspicious Scheduled Task  Low            False Positive  AP-WIFI-03
ALR-00200  15h ago  C2 Beacon Activity         Low            Resolved        AP-WIFI-03
ALR-00420  18h ago  Unauthorised USB Device    Informational  Escalated       AP-WIFI-03
ALR-00214  19h ago  Rogue DHCP Server          Low            Resolved        SRV-DC-01
ALR-00112  1d ago   Unusual Outbound Traffic   Informational  Escalated       AP-WIFI-03