Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Rogue DHCP Server

Low Escalated
ALR-00180 · 2026-04-07T20:04:42Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-DC-01. Offering IPs in unexpected range. Attack Surface Scanner quarantined the device.

Alert Metadata

Alert ID: ALR-00180
Timestamp: 2026-04-07T20:04:42Z
Severity: Low
Status: Escalated
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-DC-01
User Account: d.walker
Source IP: 45.18.148.118
Destination IP: 10.1.58.10
Origin Country: China (CN)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

20:04:42 Event ingested by SOC365 Engine
20:04:45 EmilyAI triage started — correlation enrichment
20:04:55 EmilyAI confidence: 94% — escalated to human analyst
20:05:24 Alert assigned to analyst: EmilyAI (auto)
20:06:52 Investigation started — querying SIEM and threat intelligence
20:13:46 Containment action taken — endpoint isolated
20:15:53 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00012 | 2h ago | C2 Beacon Activity | Low | Open | SRV-DC-01
ALR-00162 | 2h ago | Anomalous DNS Query | Medium | Investigating | SRV-DC-01
ALR-00082 | 2h ago | Rogue DHCP Server | Low | False Positive | VM-DEV-01
ALR-00304 | 10h ago | Rogue DHCP Server | Informational | Investigating | SRV-APP-01
ALR-00072 | 12h ago | Rogue DHCP Server | Low | False Positive | WS-PC-004