Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:03:40 UTC

Rogue DHCP Server

Severity: Medium · Status: False Positive
ALR-00398 · 2026-05-22T21:14:19Z

Description

Rogue DHCP server detected on VLAN 10 from WS-LAP-012. Offering IPs in unexpected range. Endpoint Agent quarantined the device.

Alert Metadata

Alert ID
ALR-00398
Timestamp
2026-05-22T21:14:19Z
Severity
Medium
Status
False Positive
Detection Source
Endpoint Agent
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
WS-LAP-012
User Account
m.taylor
Source IP
185.252.220.21
Destination IP
10.3.156.243
Origin Country
GB United Kingdom

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

21:14:19 Event ingested by SOC365 Engine
21:14:21 EmilyAI triage started — correlation enrichment
21:14:34 EmilyAI confidence: 82% — escalated to human analyst
21:14:50 Alert assigned to analyst: Anika Patel
21:15:51 Investigation started — querying SIEM and threat intelligence
21:21:59 Containment action taken — endpoint isolated
21:26:20 Alert resolved — remediation complete

Related Alerts

ID         Time    Alert              Severity       Status          Host
ALR-00490  3h ago  Rogue DHCP Server  High           Open            SRV-DC-01
ALR-00035  6h ago  Rogue DHCP Server  Informational  Open            SRV-APP-01
ALR-00240  14h ago Rogue DHCP Server  Low            False Positive  SRV-MAIL-01
ALR-00348  14h ago Rogue DHCP Server  Low            False Positive  SRV-DC-01
ALR-00341  16h ago Rogue DHCP Server  Medium         Escalated       WS-PC-006