Rogue DHCP Server
High
Open
ALR-00348 · 2026-07-06T12:30:00Z
Description
Rogue DHCP server detected on VLAN 10 from FW-EDGE-01. Offering IPs in unexpected range. Email Gateway quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
12:30:00
Event ingested by SOC365 Engine
12:30:05
EmilyAI triage started — correlation enrichment
12:30:09
EmilyAI confidence: 90% — escalated to human analyst
12:30:23
Alert assigned to analyst: Anika Patel
12:32:04
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00386 | 4h ago | Rogue DHCP Server | Low | Resolved | VM-DEV-01 |
| ALR-00487 | 10h ago | Shadow IT Discovery | Low | Resolved | FW-EDGE-01 |
| ALR-00217 | 10h ago | Rogue DHCP Server | Medium | Escalated | WS-MAC-005 |
| ALR-00106 | 11h ago | Suspicious Scheduled Task | Informational | Investigating | FW-EDGE-01 |
| ALR-00359 | 14h ago | Tor Exit Node Connection | Informational | Open | FW-EDGE-01 |