Rogue DHCP Server
High
Open
ALR-00259 · 2026-07-08T21:22:54Z
Description
Rogue DHCP server detected on VLAN 10 from WS-LAP-011. Offering IPs in unexpected range. Firewall quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
21:22:54
Event ingested by SOC365 Engine
21:22:57
EmilyAI triage started — correlation enrichment
21:23:01
EmilyAI confidence: 96% — escalated to human analyst
21:23:26
Alert assigned to analyst: Anika Patel
21:24:26
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00465 | 12h ago | Ransomware Behaviour Detected | Low | Open | WS-LAP-011 |
| ALR-00285 | 13h ago | Rogue DHCP Server | High | Investigating | WS-LAP-011 |
| ALR-00304 | 17h ago | Rogue DHCP Server | Medium | Resolved | SRV-APP-01 |
| ALR-00093 | 17h ago | Privilege Escalation Attempt | High | Escalated | WS-LAP-011 |
| ALR-00363 | 19h ago | Failed MFA Challenge | Low | Investigating | WS-LAP-011 |