Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 21:04:42 UTC

Rogue DHCP Server

Severity: High · Status: Investigating
ALR-00144 · 2026-05-26T16:44:40Z

Description

Rogue DHCP server detected on VLAN 10 from WS-PC-002, offering IPs in an unexpected range. EmilyAI Triage quarantined the device.

Alert Metadata

Alert ID: ALR-00144
Timestamp: 2026-05-26T16:44:40Z
Severity: High
Status: Investigating
Detection Source: EmilyAI Triage
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: WS-PC-002
User Account: c.williams
Source IP: 103.183.216.28
Destination IP: 10.0.86.148
Origin Country: NG Nigeria

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

16:44:40 Event ingested by SOC365 Engine
16:44:41 EmilyAI triage started — correlation enrichment
16:44:51 EmilyAI confidence: 82% — escalated to human analyst
16:44:56 Alert assigned to analyst: Anika Patel
16:47:32 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00101 | 3h ago | Certificate Anomaly | Medium | False Positive | WS-PC-002
ALR-00442 | 7h ago | Credential Stuffing Attempt | Medium | Open | WS-PC-002
ALR-00235 | 10h ago | Lateral Movement Detected | Low | Resolved | WS-PC-002
ALR-00428 | 1d ago | Rogue DHCP Server | Low | False Positive | WS-PC-002
ALR-00480 | 1d ago | Rogue DHCP Server | Medium | Investigating | FW-EDGE-01