Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:37:36 UTC

Rogue DHCP Server

Low Escalated
ALR-00308 · 2026-07-08T23:21:32Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-WEB-01. Offering IPs in unexpected range. Endpoint Agent quarantined the device.

Alert Metadata

Alert ID
ALR-00308
Timestamp
2026-07-08T23:21:32Z
Severity
Low
Status
Escalated
Detection Source
Endpoint Agent
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-WEB-01
User Account
h.roberts
Source IP
185.70.220.51
Destination IP
10.1.74.59
Origin Country
RU Russia

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

23:21:32 Event ingested by SOC365 Engine
23:21:37 EmilyAI triage started — correlation enrichment
23:21:45 EmilyAI confidence: 84% — escalated to human analyst
23:22:13 Alert assigned to analyst: EmilyAI (auto)
23:23:31 Investigation started — querying SIEM and threat intelligence
23:25:11 Containment action taken — endpoint isolated
23:41:25 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00416 14h ago Rogue DHCP Server High Escalated WS-PC-004
ALR-00293 17h ago Rogue DHCP Server Low Open SRV-WEB-01
ALR-00194 21h ago Rogue DHCP Server Medium Resolved AP-WIFI-03
ALR-00132 1d ago Rogue DHCP Server Medium Escalated SW-CORE-01
ALR-00472 1d ago Rogue DHCP Server Medium Investigating SRV-DC-01