Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 20:36:45 UTC

Rogue DHCP Server

Low Investigating
ALR-00325 · 2026-07-05T04:44:22Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-FILE-01. Offering IPs in unexpected range. DecoyPulse quarantined the device.

Alert Metadata

Alert ID
ALR-00325
Timestamp
2026-07-05T04:44:22Z
Severity
Low
Status
Investigating
Detection Source
DecoyPulse
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-FILE-01
User Account
h.roberts
Source IP
45.252.148.111
Destination IP
10.3.247.162
Origin Country
NL Netherlands

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

04:44:22 Event ingested by SOC365 Engine
04:44:24 EmilyAI triage started — correlation enrichment
04:44:37 EmilyAI confidence: 81% — escalated to human analyst
04:44:48 Alert assigned to analyst: EmilyAI (auto)
04:46:39 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00338 9h ago Rogue DHCP Server Informational False Positive SRV-WEB-01
ALR-00395 1d ago Tor Exit Node Connection High Investigating SRV-FILE-01
ALR-00322 1d ago Lateral Movement Detected Low Investigating SRV-FILE-01
ALR-00055 1d ago Brute Force SSH Medium False Positive SRV-FILE-01
ALR-00383 1d ago Rogue DHCP Server Low False Positive SRV-APP-01