Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 17:10:16 UTC

Rogue DHCP Server

Informational Open
ALR-00388 · 2026-05-21T13:26:05Z

Description

Rogue DHCP server detected on VLAN 10 from WS-PC-004. Offering IPs in unexpected range. DLP Module quarantined the device.

Alert Metadata

Alert ID: ALR-00388
Timestamp: 2026-05-21T13:26:05Z
Severity: Informational
Status: Open
Detection Source: DLP Module
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: WS-PC-004
User Account: d.walker
Source IP: 194.17.62.17
Destination IP: 10.0.28.20
Origin Country: KP (North Korea)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

13:26:05 Event ingested by SOC365 Engine
13:26:09 EmilyAI triage started — correlation enrichment
13:26:16 EmilyAI confidence: 97% — escalated to human analyst
13:26:39 Alert assigned to analyst: EmilyAI (auto)
13:27:54 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID         Time    Alert                         Severity       Status          Host
ALR-00079  1h ago  Privilege Escalation Attempt  Informational  False Positive  WS-PC-004
ALR-00200  4h ago  Rogue DHCP Server             Informational  False Positive  SRV-FILE-01
ALR-00371  5h ago  Rogue DHCP Server             Low            False Positive  SW-CORE-01
ALR-00025  7h ago  Rogue DHCP Server             Medium         False Positive  WS-LAP-011
ALR-00164  7h ago  Rogue DHCP Server             High           Investigating   SRV-MAIL-01