Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:02:22 UTC

Rogue DHCP Server

Severity: High · Status: Open
ALR-00115 · 2026-05-22T03:02:45Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-APP-01. Offering IPs in unexpected range. SOC365 Engine quarantined the device.

Alert Metadata

Alert ID: ALR-00115
Timestamp: 2026-05-22T03:02:45Z
Severity: High
Status: Open
Detection Source: SOC365 Engine
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SRV-APP-01
User Account: k.brown
Source IP: 194.121.62.198
Destination IP: 10.2.39.148
Origin Country: NL Netherlands

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

03:02:45 Event ingested by SOC365 Engine
03:02:47 EmilyAI triage started — correlation enrichment
03:02:59 EmilyAI confidence: 78% — escalated to human analyst
03:03:00 Alert assigned to analyst: Marcus Webb
03:03:39 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                        Severity       Status         Host
ALR-00079  15h ago  Unauthorised USB Device      Low            Investigating  SRV-APP-01
ALR-00224  18h ago  Credential Stuffing Attempt  Low            Resolved       SRV-APP-01
ALR-00125  1d ago   Failed MFA Challenge         Critical       Open           SRV-APP-01
ALR-00313  1d ago   Rogue DHCP Server            High           Open           SRV-BACKUP-01
ALR-00315  1d ago   Rogue DHCP Server            Informational  Investigating  SRV-APP-01