Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:38:33 UTC

Rogue DHCP Server

High Open
ALR-00321 · 2026-07-05T00:21:28Z

Description

Rogue DHCP server detected on VLAN 10 from SW-CORE-01. Offering IPs in unexpected range. Network IDS quarantined the device.

Alert Metadata

Alert ID
ALR-00321
Timestamp
2026-07-05T00:21:28Z
Severity
High
Status
Open
Detection Source
Network IDS
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
SW-CORE-01
User Account
system
Source IP
194.131.62.239
Destination IP
10.0.31.211
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

00:21:28 Event ingested by SOC365 Engine
00:21:29 EmilyAI triage started — correlation enrichment
00:21:36 EmilyAI confidence: 79% — escalated to human analyst
00:21:54 Alert assigned to analyst: Anika Patel
00:22:59 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00387 3h ago Kerberoasting Attempt High Escalated SW-CORE-01
ALR-00440 6h ago Credential Stuffing Attempt High Investigating SW-CORE-01
ALR-00322 7h ago Lateral Movement Detected Low False Positive SW-CORE-01
ALR-00463 16h ago Rogue DHCP Server Low Escalated SRV-BACKUP-01
ALR-00159 19h ago Rogue DHCP Server High Investigating WS-LAP-010