Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:08:54 UTC

Rogue DHCP Server

Low Escalated
ALR-00338 · 2026-05-23T11:34:14Z

Description

Rogue DHCP server detected on VLAN 10 from WS-PC-006. Offering IPs in unexpected range. Attack Surface Scanner quarantined the device.

Alert Metadata

Alert ID: ALR-00338
Timestamp: 2026-05-23T11:34:14Z
Severity: Low
Status: Escalated
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-006
User Account: k.brown
Source IP: 194.73.62.79
Destination IP: 10.1.165.87
Origin Country: North Korea (KP)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

11:34:14 Event ingested by SOC365 Engine
11:34:15 EmilyAI triage started — correlation enrichment
11:34:19 EmilyAI confidence: 84% — escalated to human analyst
11:34:58 Alert assigned to analyst: EmilyAI (auto)
11:37:14 Investigation started — querying SIEM and threat intelligence
11:37:18 Containment action taken — endpoint isolated
11:46:19 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00275 | 1h ago | Rogue DHCP Server | Medium | Escalated | WS-PC-006
ALR-00160 | 7h ago | Brute Force SSH | Medium | Resolved | WS-PC-006
ALR-00100 | 13h ago | Rogue DHCP Server | Low | Investigating | SRV-FILE-01
ALR-00230 | 17h ago | Rogue DHCP Server | Low | False Positive | SRV-DC-01
ALR-00058 | 18h ago | Data Exfiltration Attempt | Low | Resolved | WS-PC-006