Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:42:51 UTC

Rogue DHCP Server

High Investigating
ALR-00253 · 2026-07-11T02:42:48Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-MAIL-01. Offering IPs in unexpected range. DecoyPulse quarantined the device.

Alert Metadata

Alert ID
ALR-00253
Timestamp
2026-07-11T02:42:48Z
Severity
High
Status
Investigating
Detection Source
DecoyPulse
Assigned Analyst
Marcus Webb

Endpoint Information

Hostname
SRV-MAIL-01
User Account
r.davies
Source IP
103.105.216.8
Destination IP
10.1.91.171
Origin Country
US United States

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

02:42:48 Event ingested by SOC365 Engine
02:42:49 EmilyAI triage started — correlation enrichment
02:42:55 EmilyAI confidence: 95% — escalated to human analyst
02:43:24 Alert assigned to analyst: Marcus Webb
02:43:53 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00084 59m ago Rogue DHCP Server Low Open WS-LAP-011
ALR-00307 3h ago Brute Force SSH Low Investigating SRV-MAIL-01
ALR-00157 4h ago Rogue DHCP Server Informational Open WS-PC-001
ALR-00479 9h ago Suspicious Scheduled Task Low Resolved SRV-MAIL-01
ALR-00360 9h ago Rogue DHCP Server Medium Open WS-LAP-011