Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Rogue DHCP Server

Severity: Low · Status: Escalated
ALR-00092 · 2026-05-21T17:36:00Z

Description

Rogue DHCP server detected on VLAN 10, reported by FW-EDGE-01. The server is handing out DHCP offers with IP addresses in a range that is not expected on this segment. Cloud Connector quarantined the offending device.
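The check behind this alert, as an added example that is not part of the SOC365 demo or its Cloud Connector: a DHCPOFFER parser that flags offers whose server identifier, offered address or router option fall outside what is expected on the segment (a rogue router option is the lever for DHCP spoofing, T1557.003). The authorized server and gateway 10.1.194.1, the expected pool 10.1.194.0/24 and the two sample packets are assumptions; the alert itself only gives the 10.1.194.227 destination address, which is reused here as the legitimately offered address.

```python
"""Rogue DHCP OFFER check (added example; sample packets are constructed, not captured)."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: the options area starts with this cookie

# Assumed expectations for VLAN 10; take these from the real DHCP/IPAM configuration.
AUTHORIZED_SERVERS = {ipaddress.IPv4Address("10.1.194.1")}
AUTHORIZED_GATEWAYS = {ipaddress.IPv4Address("10.1.194.1")}
EXPECTED_POOL = ipaddress.IPv4Network("10.1.194.0/24")


def ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def build_offer(xid: int, yiaddr: str, server_id: str, router: str) -> bytes:
    """Build a minimal DHCPOFFER (UDP payload) so the checks below run offline."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,            # op=BOOTREPLY, htype=Ethernet, hlen=6, hops
        xid, 0, 0x8000,        # transaction id, secs, broadcast flag
        b"\x00" * 4,           # ciaddr
        ip(yiaddr),            # yiaddr: the address being offered to the client
        ip(server_id),         # siaddr
        b"\x00" * 4,           # giaddr
        bytes.fromhex("001122334455") + b"\x00" * 10,  # chaddr (client MAC, padded)
        b"\x00" * 64,          # sname
        b"\x00" * 128,         # file
    )
    options = (
        b"\x35\x01\x02"                      # option 53: DHCP message type = OFFER
        + b"\x36\x04" + ip(server_id)        # option 54: server identifier
        + b"\x01\x04" + ip("255.255.255.0")  # option 1: subnet mask
        + b"\x03\x04" + ip(router)           # option 3: router (what a spoofer redirects)
        + b"\xff"                            # end
    )
    return header + MAGIC_COOKIE + options


def parse_options(data: bytes) -> dict[int, bytes]:
    """Walk the TLV option area; raise on truncation instead of silently accepting it."""
    opts: dict[int, bytes] = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == 255:          # end marker
            break
        if code == 0:            # pad byte carries no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def parse_dhcp(pkt: bytes) -> dict:
    """Extract the fields the rogue-server check needs from a DHCP packet."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, _htype, _hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", pkt[:12])
    opts = parse_options(pkt[240:])
    return {
        "op": op,
        "xid": xid,
        "yiaddr": ipaddress.IPv4Address(pkt[16:20]),
        "msg_type": opts.get(53, b"\x00")[0],
        "server_id": ipaddress.IPv4Address(opts[54]) if 54 in opts else None,
        "router": ipaddress.IPv4Address(opts[3][:4]) if 3 in opts else None,
    }


def check_offer(pkt: bytes) -> list[str]:
    """Return the reasons an OFFER looks rogue; an empty list means it matched expectations."""
    d = parse_dhcp(pkt)
    if d["op"] != 2 or d["msg_type"] != 2:
        return []                                 # only DHCPOFFERs are judged here
    findings = []
    if d["server_id"] not in AUTHORIZED_SERVERS:
        findings.append(f"server identifier {d['server_id']} is not an authorized DHCP server")
    if d["yiaddr"] not in EXPECTED_POOL:
        findings.append(f"offered address {d['yiaddr']} is outside {EXPECTED_POOL}")
    if d["router"] is not None and d["router"] not in AUTHORIZED_GATEWAYS:
        findings.append(f"router option {d['router']} is not an authorized gateway")
    return findings


# Constructed samples: a legitimate offer and one matching the alert's "unexpected range".
LEGIT_OFFER = build_offer(0x1234, "10.1.194.227", "10.1.194.1", "10.1.194.1")
ROGUE_OFFER = build_offer(0x1234, "192.168.77.20", "10.1.194.50", "192.168.77.1")

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        print(name, check_offer(pkt) or "ok")
```

Offers are seen only on the local broadcast segment (or via a relay), so the sensor for this check belongs on VLAN 10 itself; the allow-lists are the part that must come from the real address plan rather than from the alert.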

Alert Metadata

Alert ID
ALR-00092
Timestamp
2026-05-21T17:36:00Z
Severity
Low
Status
Escalated
Detection Source
Cloud Connector
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
FW-EDGE-01
User Account
c.williams
Source IP
103.161.216.158
Destination IP
10.1.194.227
Origin Country
NG Nigeria

MITRE ATT&CK Mapping

Tactic
Credential Access / Collection
Technique
T1557.003 (Adversary-in-the-Middle: DHCP Spoofing)
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

17:36:00 Event ingested by SOC365 Engine
17:36:04 EmilyAI triage started — correlation enrichment
17:36:12 EmilyAI confidence: 95% — escalated to human analyst
17:36:43 Alert assigned to analyst: EmilyAI (auto)
17:38:47 Investigation started — querying SIEM and threat intelligence
17:44:11 Containment action taken — endpoint isolated
17:55:44 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity  Status          Host
ALR-00425  3h ago   Suspicious Scheduled Task  Medium    False Positive  FW-EDGE-01
ALR-00025  7h ago   Rogue DHCP Server          Low       Investigating   WS-PC-002
ALR-00035  12h ago  Port Scan Detected         Low       Resolved        FW-EDGE-01
ALR-00430  15h ago  Brute Force SSH            Low       Escalated       FW-EDGE-01
ALR-00020  15h ago  Brute Force SSH            Medium    Open            FW-EDGE-01