Interactive Demo. Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:24:13 UTC

Rogue DHCP Server

Severity: Informational · Status: Escalated
ALR-00229 · 2026-04-08T18:16:08Z

Description

Rogue DHCP server detected on VLAN 10 from WS-PC-004. Offering IPs in unexpected range. Email Gateway quarantined the device.

Alert Metadata

Alert ID: ALR-00229
Timestamp: 2026-04-08T18:16:08Z
Severity: Informational
Status: Escalated
Detection Source: Email Gateway
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-004
User Account: m.taylor
Source IP: 103.245.216.232
Destination IP: 10.1.149.63
Origin Country: RO Romania

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

18:16:08 Event ingested by SOC365 Engine
18:16:09 EmilyAI triage started — correlation enrichment
18:16:21 EmilyAI confidence: 87% — escalated to human analyst
18:16:49 Alert assigned to analyst: EmilyAI (auto)
18:18:26 Investigation started — querying SIEM and threat intelligence
18:21:29 Containment action taken — endpoint isolated
18:27:44 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                 Severity  Status         Host
ALR-00156  46m ago  Rogue DHCP Server     Low       Escalated      WS-LAP-012
ALR-00096  13h ago  Rogue DHCP Server     Low       Resolved       SRV-FILE-01
ALR-00390  13h ago  Rogue DHCP Server     Low       Investigating  SRV-WEB-01
ALR-00325  18h ago  Anomalous DNS Query   Medium    Escalated      WS-PC-004
ALR-00404  20h ago  Failed MFA Challenge  Medium    Open           WS-PC-004