Rogue DHCP Server
High
Investigating
ALR-00387 · 2026-05-23T11:40:49Z
Description
Rogue DHCP server detected on VLAN 10 from WS-LAP-012. Offering IPs in unexpected range. Endpoint Agent quarantined the device.
Alert Metadata
Endpoint Information
MITRE ATT&CK Mapping
Investigation Timeline
11:40:49
Event ingested by SOC365 Engine
11:40:52
EmilyAI triage started — correlation enrichment
11:40:54
EmilyAI confidence: 81% — escalated to human analyst
11:41:30
Alert assigned to analyst: James Okonkwo
11:42:31
Investigation started — querying SIEM and threat intelligence
Related Alerts
| ID | Time | Alert | Severity | Status | Host |
|---|---|---|---|---|---|
| ALR-00268 | 28m ago | Rogue DHCP Server | Low | Investigating | SW-CORE-01 |
| ALR-00257 | 14h ago | Ransomware Behaviour Detected | Low | Escalated | WS-LAP-012 |
| ALR-00356 | 19h ago | Rogue DHCP Server | Informational | Investigating | SRV-MAIL-01 |
| ALR-00336 | 20h ago | Kerberoasting Attempt | Informational | False Positive | WS-LAP-012 |
| ALR-00019 | 21h ago | Rogue DHCP Server | Low | Resolved | SRV-SQL-01 |