Rogue DHCP Server
High
Open
ALR-00321 · 2026-07-05T00:21:28Z
Description
Rogue DHCP server detected on VLAN 10 from SW-CORE-01. Offering IPs in unexpected range. Network IDS quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
00:21:28
Event ingested by SOC365 Engine
00:21:29
EmilyAI triage started — correlation enrichment
00:21:36
EmilyAI confidence: 79% — escalated to human analyst
00:21:54
Alert assigned to analyst: Anika Patel
00:22:59
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00387 | 3h ago | Kerberoasting Attempt | High | Escalated | SW-CORE-01 |
| ALR-00440 | 6h ago | Credential Stuffing Attempt | High | Investigating | SW-CORE-01 |
| ALR-00322 | 7h ago | Lateral Movement Detected | Low | False Positive | SW-CORE-01 |
| ALR-00463 | 16h ago | Rogue DHCP Server | Low | Escalated | SRV-BACKUP-01 |
| ALR-00159 | 19h ago | Rogue DHCP Server | High | Investigating | WS-LAP-010 |