Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Rogue DHCP Server

Severity: Medium · Status: Open
Alert ID: ALR-00306 · 2026-04-08T02:49:14Z

Description

Rogue DHCP server detected on VLAN 10 from SW-CORE-01. Offering IPs in unexpected range. Network IDS quarantined the device.

Alert Metadata

Alert ID: ALR-00306
Timestamp: 2026-04-08T02:49:14Z
Severity: Medium
Status: Open
Detection Source: Network IDS
Assigned Analyst: Marcus Webb

Endpoint Information

Hostname: SW-CORE-01
User Account: f.hall
Source IP: 45.171.148.165
Destination IP: 10.0.129.167
Origin Country: RU (Russia)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

02:49:14 Event ingested by SOC365 Engine
02:49:18 EmilyAI triage started — correlation enrichment
02:49:21 EmilyAI confidence: 97% — escalated to human analyst
02:49:45 Alert assigned to analyst: Marcus Webb
02:51:29 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time     Alert                     Severity       Status         Host
ALR-00263  4h ago   Pass-the-Hash Detected    High           Investigating  SW-CORE-01
ALR-00055  5h ago   Malware Signature Match   Medium         Open           SW-CORE-01
ALR-00180  8h ago   Rogue DHCP Server         Low            Investigating  VM-DEV-01
ALR-00238  8h ago   Unusual Outbound Traffic  Informational  Open           SW-CORE-01
ALR-00014  10h ago  Rogue DHCP Server         Low            Resolved       WS-LAP-011