Rogue DHCP Server
High
Investigating
ALR-00253 · 2026-07-11T02:42:48Z
Description
Rogue DHCP server detected on VLAN 10 from SRV-MAIL-01. Offering IPs in unexpected range. DecoyPulse quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
02:42:48
Event ingested by SOC365 Engine
02:42:49
EmilyAI triage started — correlation enrichment
02:42:55
EmilyAI confidence: 95% — escalated to human analyst
02:43:24
Alert assigned to analyst: Marcus Webb
02:43:53
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00084 | 59m ago | Rogue DHCP Server | Low | Open | WS-LAP-011 |
| ALR-00307 | 3h ago | Brute Force SSH | Low | Investigating | SRV-MAIL-01 |
| ALR-00157 | 4h ago | Rogue DHCP Server | Informational | Open | WS-PC-001 |
| ALR-00479 | 9h ago | Suspicious Scheduled Task | Low | Resolved | SRV-MAIL-01 |
| ALR-00360 | 9h ago | Rogue DHCP Server | Medium | Open | WS-LAP-011 |