Rogue DHCP Server
Low
Escalated
ALR-00077 · 2026-07-11T19:27:58Z
Description
Rogue DHCP server detected on VLAN 10 from WS-LAP-011. Offering IPs in unexpected range. EmilyAI Triage quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
19:27:58
Event ingested by SOC365 Engine
19:28:03
EmilyAI triage started — correlation enrichment
19:28:13
EmilyAI confidence: 82% — escalated to human analyst
19:28:38
Alert assigned to analyst: EmilyAI (auto)
19:30:57
Investigation started — querying SIEM and threat intelligence
19:32:17
Containment action taken — endpoint isolated
19:47:07
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00483 | 2h ago | Rogue DHCP Server | Low | Open | VM-DEV-01 |
| ALR-00055 | 10h ago | Brute Force SSH | Low | Escalated | WS-LAP-011 |
| ALR-00148 | 11h ago | Pass-the-Hash Detected | Low | Resolved | WS-LAP-011 |
| ALR-00313 | 11h ago | Rogue DHCP Server | Low | Open | WS-LAP-010 |
| ALR-00392 | 21h ago | Suspicious PowerShell Execution | Medium | Investigating | WS-LAP-011 |