Interactive Demo — Simulated data only.
SOC365 Dashboard — Acme Legal Services Ltd

Rogue DHCP Server
Severity: Medium · Status: False Positive
ALR-00362 · 2026-04-11T14:34:43Z

Description

Rogue DHCP server detected on VLAN 10, originating from SRV-DC-01 and offering IP leases in an unexpected address range. SOC365 Engine quarantined the device.

Alert Metadata

Alert ID:          ALR-00362
Timestamp:         2026-04-11T14:34:43Z
Severity:          Medium
Status:            False Positive
Detection Source:  SOC365 Engine
Assigned Analyst:  Marcus Webb

Endpoint Information

Hostname:        SRV-DC-01
User Account:    e.evans
Source IP:       45.169.148.24
Destination IP:  10.1.145.84
Origin Country:  Ukraine (UA)

MITRE ATT&CK Mapping

Tactic:     Discovery
Technique:  T1557.003
Reference:  attack.mitre.org/techniques/T1557.003

Investigation Timeline

14:34:43 Event ingested by SOC365 Engine
14:34:47 EmilyAI triage started — correlation enrichment
14:34:49 EmilyAI confidence: 84% — escalated to human analyst
14:34:58 Alert assigned to analyst: Marcus Webb
14:36:31 Investigation started — querying SIEM and threat intelligence
14:43:23 Containment action taken — endpoint isolated
14:48:50 Alert resolved — remediation complete

Related Alerts

ID         | Time   | Alert                     | Severity | Status         | Host
-----------|--------|---------------------------|----------|----------------|-----------
ALR-00386  | 1h ago | C2 Beacon Activity        | Medium   | Escalated      | SRV-DC-01
ALR-00268  | 1h ago | Insider Threat Indicator  | Low      | Investigating  | SRV-DC-01
ALR-00146  | 4h ago | Rogue DHCP Server         | Medium   | False Positive | SRV-DC-01
ALR-00337  | 8h ago | Rogue DHCP Server         | Low      | Resolved       | WS-PC-002
ALR-00078  | 16h ago| Tor Exit Node Connection  | Low      | False Positive | SRV-DC-01