Rogue DHCP Server
Medium
Open
ALR-00380 · 2026-07-09T02:15:12Z
Description
Rogue DHCP server detected on VLAN 10 from WS-PC-001. Offering IPs in unexpected range. Email Gateway quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
02:15:12
Event ingested by SOC365 Engine
02:15:13
EmilyAI triage started — correlation enrichment
02:15:22
EmilyAI confidence: 97% — escalated to human analyst
02:15:44
Alert assigned to analyst: Sarah Chen
02:18:04
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00056 | 2h ago | C2 Beacon Activity | Low | Resolved | WS-PC-001 |
| ALR-00301 | 3h ago | Certificate Anomaly | Low | Open | WS-PC-001 |
| ALR-00310 | 10h ago | Rogue DHCP Server | Informational | Resolved | VM-DEV-01 |
| ALR-00194 | 11h ago | Rogue DHCP Server | Low | Investigating | SRV-SQL-01 |
| ALR-00286 | 18h ago | Rogue DHCP Server | High | Investigating | SRV-MAIL-01 |