Rogue DHCP Server
Medium
False Positive
ALR-00170 · 2026-07-05T11:08:25Z
Description
Rogue DHCP server detected on VLAN 10 from WS-LAP-010. Offering IPs in unexpected range. Cloud Connector quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:08:25
Event ingested by SOC365 Engine
11:08:30
EmilyAI triage started — correlation enrichment
11:08:37
EmilyAI confidence: 97% — escalated to human analyst
11:08:49
Alert assigned to analyst: James Okonkwo
11:10:37
Investigation started — querying SIEM and threat intelligence
11:14:44
Containment action taken — endpoint isolated
11:24:41
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00131 | 6h ago | Unusual Outbound Traffic | Medium | False Positive | WS-LAP-010 |
| ALR-00292 | 11h ago | C2 Beacon Activity | Informational | Resolved | WS-LAP-010 |
| ALR-00416 | 14h ago | Rogue DHCP Server | High | Escalated | WS-PC-004 |
| ALR-00483 | 15h ago | Failed MFA Challenge | Informational | False Positive | WS-LAP-010 |
| ALR-00293 | 17h ago | Rogue DHCP Server | Low | Open | SRV-WEB-01 |