Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:03:15 UTC

Rogue DHCP Server

Critical Open
ALR-00443 · 2026-05-22T06:23:03Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-WEB-01. Offering IPs in unexpected range. Dark Web Monitor quarantined the device.

Alert Metadata

Alert ID: ALR-00443
Timestamp: 2026-05-22T06:23:03Z
Severity: Critical
Status: Open
Detection Source: Dark Web Monitor
Assigned Analyst: Anika Patel

Endpoint Information

Hostname: SRV-WEB-01
User Account: h.roberts
Source IP: 91.247.195.234
Destination IP: 10.2.70.118
Origin Country: GB United Kingdom

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

06:23:03 Event ingested by SOC365 Engine
06:23:07 EmilyAI triage started — correlation enrichment
06:23:11 EmilyAI confidence: 95% — escalated to human analyst
06:23:25 Alert assigned to analyst: Anika Patel
06:25:10 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00490 | 3h ago | Rogue DHCP Server | High | Open | SRV-DC-01
ALR-00035 | 6h ago | Rogue DHCP Server | Informational | Open | SRV-APP-01
ALR-00240 | 14h ago | Rogue DHCP Server | Low | False Positive | SRV-MAIL-01
ALR-00348 | 14h ago | Rogue DHCP Server | Low | False Positive | SRV-DC-01
ALR-00341 | 16h ago | Rogue DHCP Server | Medium | Escalated | WS-PC-006