Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:25:41 UTC

Rogue DHCP Server

Low Escalated
ALR-00119 · 2026-04-08T15:42:30Z

Description

Rogue DHCP server detected on VLAN 10 from FW-EDGE-01. Offering IPs in unexpected range. Endpoint Agent quarantined the device.

Alert Metadata

Alert ID: ALR-00119
Timestamp: 2026-04-08T15:42:30Z
Severity: Low
Status: Escalated
Detection Source: Endpoint Agent
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: FW-EDGE-01
User Account: d.walker
Source IP: 103.201.216.11
Destination IP: 10.3.7.19
Origin Country: GB United Kingdom

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

15:42:30 Event ingested by SOC365 Engine
15:42:33 EmilyAI triage started — correlation enrichment
15:42:41 EmilyAI confidence: 78% — escalated to human analyst
15:43:12 Alert assigned to analyst: EmilyAI (auto)
15:43:21 Investigation started — querying SIEM and threat intelligence
15:50:27 Containment action taken — endpoint isolated
15:58:35 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00216 | 6h ago | Pass-the-Hash Detected | Informational | Resolved | FW-EDGE-01
ALR-00115 | 9h ago | Suspicious Scheduled Task | Informational | Open | FW-EDGE-01
ALR-00449 | 19h ago | C2 Beacon Activity | Informational | False Positive | FW-EDGE-01
ALR-00201 | 20h ago | Pass-the-Hash Detected | Low | Investigating | FW-EDGE-01
ALR-00169 | 1d ago | Rogue DHCP Server | Medium | Open | WS-LAP-012