Rogue DHCP Server
High
Open
ALR-00092 · 2026-07-10T10:16:15Z
Description
Rogue DHCP server detected on VLAN 10 from SRV-APP-01. Offering IPs in unexpected range. Cloud Connector quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
10:16:15
Event ingested by SOC365 Engine
10:16:16
EmilyAI triage started — correlation enrichment
10:16:23
EmilyAI confidence: 85% — escalated to human analyst
10:16:47
Alert assigned to analyst: Emma Richardson
10:19:12
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00383 | 5h ago | Rogue DHCP Server | Medium | Investigating | FW-EDGE-01 |
| ALR-00035 | 17h ago | Lateral Movement Detected | Medium | Investigating | SRV-APP-01 |
| ALR-00360 | 22h ago | Rogue DHCP Server | High | Investigating | WS-LAP-010 |
| ALR-00063 | 23h ago | Failed MFA Challenge | Medium | Open | SRV-APP-01 |
| ALR-00170 | 1d ago | Unauthorised USB Device | Low | Resolved | SRV-APP-01 |