Rogue DHCP Server
Low
Escalated
ALR-00308 · 2026-07-08T23:21:32Z
Description
Rogue DHCP server detected on VLAN 10 from SRV-WEB-01. Offering IPs in unexpected range. Endpoint Agent quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
23:21:32
Event ingested by SOC365 Engine
23:21:37
EmilyAI triage started — correlation enrichment
23:21:45
EmilyAI confidence: 84% — escalated to human analyst
23:22:13
Alert assigned to analyst: EmilyAI (auto)
23:23:31
Investigation started — querying SIEM and threat intelligence
23:25:11
Containment action taken — endpoint isolated
23:41:25
Alert resolved — remediation complete
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00416 | 14h ago | Rogue DHCP Server | High | Escalated | WS-PC-004 |
| ALR-00293 | 17h ago | Rogue DHCP Server | Low | Open | SRV-WEB-01 |
| ALR-00194 | 21h ago | Rogue DHCP Server | Medium | Resolved | AP-WIFI-03 |
| ALR-00132 | 1d ago | Rogue DHCP Server | Medium | Escalated | SW-CORE-01 |
| ALR-00472 | 1d ago | Rogue DHCP Server | Medium | Investigating | SRV-DC-01 |