Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 18:04:50 UTC

Rogue DHCP Server

Informational Escalated
ALR-00450 · 2026-05-27T09:28:41Z

Description

Rogue DHCP server detected on VLAN 10 from SW-CORE-01. Offering IPs in unexpected range. Attack Surface Scanner quarantined the device.

Alert Metadata

Alert ID: ALR-00450
Timestamp: 2026-05-27T09:28:41Z
Severity: Informational
Status: Escalated
Detection Source: Attack Surface Scanner
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SW-CORE-01
User Account: k.brown
Source IP: 45.172.148.82
Destination IP: 10.0.5.180
Origin Country: Brazil (BR)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

09:28:41 Event ingested by SOC365 Engine
09:28:42 EmilyAI triage started — correlation enrichment
09:28:56 EmilyAI confidence: 94% — escalated to human analyst
09:29:22 Alert assigned to analyst: EmilyAI (auto)
09:29:54 Investigation started — querying SIEM and threat intelligence
09:37:01 Containment action taken — endpoint isolated
09:47:57 Alert resolved — remediation complete

Related Alerts

ID        | Time    | Alert                   | Severity      | Status        | Host
----------|---------|-------------------------|---------------|---------------|-----------
ALR-00320 | 1h ago  | Rogue DHCP Server       | Informational | Escalated     | WS-PC-001
ALR-00082 | 6h ago  | Rogue DHCP Server       | Medium        | Investigating | SRV-WEB-01
ALR-00129 | 6h ago  | Failed MFA Challenge    | Low           | Open          | SW-CORE-01
ALR-00159 | 7h ago  | Rogue DHCP Server       | Low           | Resolved      | SRV-DC-01
ALR-00162 | 13h ago | Unauthorised USB Device | Medium        | Escalated     | SW-CORE-01