Rogue DHCP Server
Informational
Escalated
ALR-00134 · 2026-07-05T09:56:00Z
Description
Rogue DHCP server detected on VLAN 10 from WS-PC-003. Offering IPs in unexpected range. Attack Surface Scanner quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
09:56:00
Event ingested by SOC365 Engine
09:56:01
EmilyAI triage started — correlation enrichment
09:56:13
EmilyAI confidence: 90% — escalated to human analyst
09:56:24
Alert assigned to analyst: EmilyAI (auto)
09:56:59
Investigation started — querying SIEM and threat intelligence
10:01:42
Containment action taken — endpoint isolated
10:10:00
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00251 | 1h ago | Pass-the-Hash Detected | Medium | False Positive | WS-PC-003 |
| ALR-00209 | 8h ago | Unauthorised USB Device | Low | Escalated | WS-PC-003 |
| ALR-00332 | 9h ago | Privilege Escalation Attempt | Low | Open | WS-PC-003 |
| ALR-00463 | 16h ago | Rogue DHCP Server | Low | Escalated | SRV-BACKUP-01 |
| ALR-00159 | 19h ago | Rogue DHCP Server | High | Investigating | WS-LAP-010 |