Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 23:42:51 UTC

Rogue DHCP Server

High Open
ALR-00348 · 2026-07-06T12:30:00Z

Description

Rogue DHCP server detected on VLAN 10 from FW-EDGE-01. Offering IPs in unexpected range. Email Gateway quarantined the device.

Alert Metadata

Alert ID
ALR-00348
Timestamp
2026-07-06T12:30:00Z
Severity
High
Status
Open
Detection Source
Email Gateway
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
FW-EDGE-01
User Account
l.johnson
Source IP
185.39.220.239
Destination IP
10.3.49.85
Origin Country
DE Germany

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

12:30:00 Event ingested by SOC365 Engine
12:30:05 EmilyAI triage started — correlation enrichment
12:30:09 EmilyAI confidence: 90% — escalated to human analyst
12:30:23 Alert assigned to analyst: Anika Patel
12:32:04 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00386 4h ago Rogue DHCP Server Low Resolved VM-DEV-01
ALR-00487 10h ago Shadow IT Discovery Low Resolved FW-EDGE-01
ALR-00217 10h ago Rogue DHCP Server Medium Escalated WS-MAC-005
ALR-00106 11h ago Suspicious Scheduled Task Informational Investigating FW-EDGE-01
ALR-00359 14h ago Tor Exit Node Connection Informational Open FW-EDGE-01