Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 18:39:24 UTC

Rogue DHCP Server

Informational Open
ALR-00300 · 2026-07-08T22:18:09Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-APP-01. Offering IPs in unexpected range. Dark Web Monitor quarantined the device.

Alert Metadata

Alert ID
ALR-00300
Timestamp
2026-07-08T22:18:09Z
Severity
Informational
Status
Open
Detection Source
Dark Web Monitor
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-APP-01
User Account
j.smith
Source IP
185.33.220.248
Destination IP
10.1.11.97
Origin Country
KP North Korea

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

22:18:09 Event ingested by SOC365 Engine
22:18:14 EmilyAI triage started — correlation enrichment
22:18:15 EmilyAI confidence: 91% — escalated to human analyst
22:18:39 Alert assigned to analyst: EmilyAI (auto)
22:19:03 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00140 12h ago Port Scan Detected Critical Escalated SRV-APP-01
ALR-00064 15h ago Failed MFA Challenge Low Escalated SRV-APP-01
ALR-00497 19h ago Kerberoasting Attempt Medium Escalated SRV-APP-01
ALR-00343 1d ago Rogue DHCP Server Informational Escalated SW-CORE-01
ALR-00116 1d ago Data Exfiltration Attempt High Open SRV-APP-01