Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:37:25 UTC

Rogue DHCP Server

High Open
ALR-00092 · 2026-07-10T10:16:15Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-APP-01. Offering IPs in unexpected range. Cloud Connector quarantined the device.

Alert Metadata

Alert ID
ALR-00092
Timestamp
2026-07-10T10:16:15Z
Severity
High
Status
Open
Detection Source
Cloud Connector
Assigned Analyst
Emma Richardson

Endpoint Information

Hostname
SRV-APP-01
User Account
n.clark
Source IP
103.137.216.14
Destination IP
10.3.172.210
Origin Country
UA Ukraine

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

10:16:15 Event ingested by SOC365 Engine
10:16:16 EmilyAI triage started — correlation enrichment
10:16:23 EmilyAI confidence: 85% — escalated to human analyst
10:16:47 Alert assigned to analyst: Emma Richardson
10:19:12 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00383 5h ago Rogue DHCP Server Medium Investigating FW-EDGE-01
ALR-00035 17h ago Lateral Movement Detected Medium Investigating SRV-APP-01
ALR-00360 22h ago Rogue DHCP Server High Investigating WS-LAP-010
ALR-00063 23h ago Failed MFA Challenge Medium Open SRV-APP-01
ALR-00170 1d ago Unauthorised USB Device Low Resolved SRV-APP-01