Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Rogue DHCP Server

Medium False Positive
ALR-00359 · 2026-04-11T07:57:43Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-SQL-01. Offering IPs in unexpected range. DLP Module quarantined the device.

Alert Metadata

Alert ID: ALR-00359
Timestamp: 2026-04-11T07:57:43Z
Severity: Medium
Status: False Positive
Detection Source: DLP Module
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-SQL-01
User Account: s.jones
Source IP: 103.140.216.140
Destination IP: 10.3.212.224
Origin Country: NL Netherlands

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

07:57:43 Event ingested by SOC365 Engine
07:57:47 EmilyAI triage started — correlation enrichment
07:57:56 EmilyAI confidence: 97% — escalated to human analyst
07:58:15 Alert assigned to analyst: Anika Patel
07:58:44 Investigation started — querying SIEM and threat intelligence
08:03:57 Containment action taken — endpoint isolated
08:14:34 Alert resolved — remediation complete

Related Alerts

ID         Time     Alert                      Severity       Status          Host
ALR-00223  6h ago   Port Scan Detected         Medium         False Positive  SRV-SQL-01
ALR-00421  15h ago  Lateral Movement Detected  Low            False Positive  SRV-SQL-01
ALR-00072  16h ago  Rogue DHCP Server          Informational  Open            WS-PC-002
ALR-00460  18h ago  Rogue DHCP Server          Informational  False Positive  SRV-APP-01
ALR-00161  20h ago  Data Exfiltration Attempt  Low            Resolved        SRV-SQL-01