Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:09:54 UTC

Rogue DHCP Server

Informational Open
ALR-00223 · 2026-05-22T00:52:18Z

Description

Rogue DHCP server detected on VLAN 10 from WS-PC-003. Offering IPs in unexpected range. Network IDS quarantined the device.

Alert Metadata

Alert ID: ALR-00223
Timestamp: 2026-05-22T00:52:18Z
Severity: Informational
Status: Open
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-003
User Account: h.roberts
Source IP: 185.147.220.16
Destination IP: 10.3.3.36
Origin Country: BR Brazil

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

00:52:18 Event ingested by SOC365 Engine
00:52:20 EmilyAI triage started — correlation enrichment
00:52:29 EmilyAI confidence: 92% — escalated to human analyst
00:52:44 Alert assigned to analyst: EmilyAI (auto)
00:54:47 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00268 | 28m ago | Rogue DHCP Server | Low | Investigating | SW-CORE-01
ALR-00365 | 56m ago | Ransomware Behaviour Detected | Informational | Investigating | WS-PC-003
ALR-00165 | 12h ago | Unusual Outbound Traffic | Informational | Resolved | WS-PC-003
ALR-00274 | 14h ago | Certificate Anomaly | Low | Open | WS-PC-003
ALR-00140 | 15h ago | Phishing Email Blocked | Informational | Open | WS-PC-003