Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 15:18:44 UTC

Rogue DHCP Server

Medium False Positive
ALR-00337 · 2026-04-07T17:06:24Z

Description

Rogue DHCP server detected on VLAN 10 from WS-MAC-005. Offering IPs in unexpected range. Dark Web Monitor quarantined the device.

Alert Metadata

Alert ID
ALR-00337
Timestamp
2026-04-07T17:06:24Z
Severity
Medium
Status
False Positive
Detection Source
Dark Web Monitor
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
WS-MAC-005
User Account
h.roberts
Source IP
45.161.148.173
Destination IP
10.1.210.186
Origin Country
VN Vietnam

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

17:06:24 Event ingested by SOC365 Engine
17:06:26 EmilyAI triage started — correlation enrichment
17:06:34 EmilyAI confidence: 98% — escalated to human analyst
17:07:03 Alert assigned to analyst: Anika Patel
17:08:23 Investigation started — querying SIEM and threat intelligence
17:12:18 Containment action taken — endpoint isolated
17:22:47 Alert resolved — remediation complete

Related Alerts

ID Time Alert Severity Status Host
ALR-00298 2h ago Rogue DHCP Server Informational Open SW-CORE-01
ALR-00154 4h ago Privilege Escalation Attempt Low Investigating WS-MAC-005
ALR-00376 5h ago DecoyPulse Honeypot Triggered Low Escalated WS-MAC-005
ALR-00073 8h ago Rogue DHCP Server Informational False Positive WS-PC-001
ALR-00184 9h ago Rogue DHCP Server Low Escalated WS-LAP-012