Rogue DHCP Server
Low
Investigating
ALR-00325 · 2026-07-05T04:44:22Z
Description
Rogue DHCP server detected on VLAN 10 from SRV-FILE-01. Offering IPs in unexpected range. DecoyPulse quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
04:44:22
Event ingested by SOC365 Engine
04:44:24
EmilyAI triage started — correlation enrichment
04:44:37
EmilyAI confidence: 81% — escalated to human analyst
04:44:48
Alert assigned to analyst: EmilyAI (auto)
04:46:39
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00338 | 9h ago | Rogue DHCP Server | Informational | False Positive | SRV-WEB-01 |
| ALR-00395 | 1d ago | Tor Exit Node Connection | High | Investigating | SRV-FILE-01 |
| ALR-00322 | 1d ago | Lateral Movement Detected | Low | Investigating | SRV-FILE-01 |
| ALR-00055 | 1d ago | Brute Force SSH | Medium | False Positive | SRV-FILE-01 |
| ALR-00383 | 1d ago | Rogue DHCP Server | Low | False Positive | SRV-APP-01 |