Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 15:25:28 UTC

Rogue DHCP Server

Medium Resolved
ALR-00335 · 2026-04-09T11:38:32Z

Description

Rogue DHCP server detected on VLAN 10 from WS-PC-003. Offering IPs in unexpected range. Network IDS quarantined the device.

Alert Metadata

Alert ID: ALR-00335
Timestamp: 2026-04-09T11:38:32Z
Severity: Medium
Status: Resolved
Detection Source: Network IDS
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: WS-PC-003
User Account: e.evans
Source IP: 45.50.148.242
Destination IP: 10.1.182.204
Origin Country: NL Netherlands

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

11:38:32 Event ingested by SOC365 Engine
11:38:37 EmilyAI triage started — correlation enrichment
11:38:44 EmilyAI confidence: 82% — escalated to human analyst
11:38:53 Alert assigned to analyst: Emma Richardson
11:40:32 Investigation started — querying SIEM and threat intelligence
11:46:32 Containment action taken — endpoint isolated
11:56:06 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00285 | 2h ago | Tor Exit Node Connection | Low | Escalated | WS-PC-003
ALR-00067 | 7h ago | Data Exfiltration Attempt | Informational | Investigating | WS-PC-003
ALR-00344 | 18h ago | Ransomware Behaviour Detected | Informational | Open | WS-PC-003
ALR-00075 | 23h ago | Shadow IT Discovery | High | Investigating | WS-PC-003
ALR-00417 | 1d ago | Suspicious Scheduled Task | Medium | Open | WS-PC-003