Rogue DHCP Server
Informational
Open
ALR-00300 · 2026-07-08T22:18:09Z
Description
Rogue DHCP server detected on VLAN 10 from SRV-APP-01. Offering IPs in unexpected range. Dark Web Monitor quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
22:18:09
Event ingested by SOC365 Engine
22:18:14
EmilyAI triage started — correlation enrichment
22:18:15
EmilyAI confidence: 91% — escalated to human analyst
22:18:39
Alert assigned to analyst: EmilyAI (auto)
22:19:03
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00140 | 12h ago | Port Scan Detected | Critical | Escalated | SRV-APP-01 |
| ALR-00064 | 15h ago | Failed MFA Challenge | Low | Escalated | SRV-APP-01 |
| ALR-00497 | 19h ago | Kerberoasting Attempt | Medium | Escalated | SRV-APP-01 |
| ALR-00343 | 1d ago | Rogue DHCP Server | Informational | Escalated | SW-CORE-01 |
| ALR-00116 | 1d ago | Data Exfiltration Attempt | High | Open | SRV-APP-01 |