Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:38:50 UTC

Rogue DHCP Server

Low Escalated
ALR-00077 · 2026-07-11T19:27:58Z

Description

Rogue DHCP server detected on VLAN 10 from WS-LAP-011. Offering IPs in unexpected range. EmilyAI Triage quarantined the device.

Alert Metadata

Alert ID
ALR-00077
Timestamp
2026-07-11T19:27:58Z
Severity
Low
Status
Escalated
Detection Source
EmilyAI Triage
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
WS-LAP-011
User Account
m.taylor
Source IP
103.198.216.169
Destination IP
10.0.16.154
Origin Country
NL Netherlands

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

19:27:58 Event ingested by SOC365 Engine
19:28:03 EmilyAI triage started — correlation enrichment
19:28:13 EmilyAI confidence: 82% — escalated to human analyst
19:28:38 Alert assigned to analyst: EmilyAI (auto)
19:30:57 Investigation started — querying SIEM and threat intelligence
19:32:17 Containment action taken — endpoint isolated
19:47:07 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00483 2h ago Rogue DHCP Server Low Open VM-DEV-01
ALR-00055 10h ago Brute Force SSH Low Escalated WS-LAP-011
ALR-00148 11h ago Pass-the-Hash Detected Low Resolved WS-LAP-011
ALR-00313 11h ago Rogue DHCP Server Low Open WS-LAP-010
ALR-00392 21h ago Suspicious PowerShell Execution Medium Investigating WS-LAP-011