Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:09:15 UTC

Rogue DHCP Server

High · Investigating
ALR-00387 · 2026-05-23T11:40:49Z

Description

Rogue DHCP server detected on VLAN 10 from WS-LAP-012. Offering IPs in unexpected range. Endpoint Agent quarantined the device.

Alert Metadata

Alert ID: ALR-00387
Timestamp: 2026-05-23T11:40:49Z
Severity: High
Status: Investigating
Detection Source: Endpoint Agent
Assigned Analyst: James Okonkwo

Endpoint Information

Hostname: WS-LAP-012
User Account: h.roberts
Source IP: 45.105.148.40
Destination IP: 10.3.173.114
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

11:40:49 Event ingested by SOC365 Engine
11:40:52 EmilyAI triage started — correlation enrichment
11:40:54 EmilyAI confidence: 81% — escalated to human analyst
11:41:30 Alert assigned to analyst: James Okonkwo
11:42:31 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00268 | 28m ago | Rogue DHCP Server | Low | Investigating | SW-CORE-01
ALR-00257 | 14h ago | Ransomware Behaviour Detected | Low | Escalated | WS-LAP-012
ALR-00356 | 19h ago | Rogue DHCP Server | Informational | Investigating | SRV-MAIL-01
ALR-00336 | 20h ago | Kerberoasting Attempt | Informational | False Positive | WS-LAP-012
ALR-00019 | 21h ago | Rogue DHCP Server | Low | Resolved | SRV-SQL-01