Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Rogue DHCP Server

Critical Escalated
ALR-00342 · 2026-04-09T10:25:37Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-DC-01. Offering IPs in unexpected range. EmilyAI Triage quarantined the device.

Alert Metadata

Alert ID: ALR-00342
Timestamp: 2026-04-09T10:25:37Z
Severity: Critical
Status: Escalated
Detection Source: EmilyAI Triage
Assigned Analyst: Emma Richardson

Endpoint Information

Hostname: SRV-DC-01
User Account: c.williams
Source IP: 45.5.148.77
Destination IP: 10.2.219.104
Origin Country: RU Russia

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

10:25:37 Event ingested by SOC365 Engine
10:25:38 EmilyAI triage started — correlation enrichment
10:25:47 EmilyAI confidence: 87% — escalated to human analyst
10:26:00 Alert assigned to analyst: Emma Richardson
10:26:28 Investigation started — querying SIEM and threat intelligence
10:29:32 Containment action taken — endpoint isolated
10:40:17 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00298 | 2h ago | Rogue DHCP Server | Informational | Open | SW-CORE-01
ALR-00073 | 8h ago | Rogue DHCP Server | Informational | False Positive | WS-PC-001
ALR-00045 | 8h ago | Suspicious PowerShell Execution | Medium | False Positive | SRV-DC-01
ALR-00184 | 9h ago | Rogue DHCP Server | Low | Escalated | WS-LAP-012
ALR-00325 | 1d ago | Unauthorised USB Device | Medium | Escalated | SRV-DC-01