Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd Live 22:56:36 UTC

Rogue DHCP Server

Severity: Low · Status: False Positive
ALR-00471 · 2026-05-26T11:04:26Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-WEB-01. Offering IPs in unexpected range. Network IDS quarantined the device.

Alert Metadata

Alert ID: ALR-00471
Timestamp: 2026-05-26T11:04:26Z
Severity: Low
Status: False Positive
Detection Source: Network IDS
Assigned Analyst: EmilyAI (auto)

Endpoint Information

Hostname: SRV-WEB-01
User Account: j.smith
Source IP: 91.73.195.62
Destination IP: 10.1.201.139
Origin Country: Iran (IR)

MITRE ATT&CK Mapping

Tactic: Discovery
Technique: T1557.003
Reference: attack.mitre.org/techniques/T1557.003

Investigation Timeline

11:04:26 Event ingested by SOC365 Engine
11:04:30 EmilyAI triage started — correlation enrichment
11:04:32 EmilyAI confidence: 89% — escalated to human analyst
11:04:48 Alert assigned to analyst: EmilyAI (auto)
11:06:12 Investigation started — querying SIEM and threat intelligence
11:09:32 Containment action taken — endpoint isolated
11:18:33 Alert resolved — remediation complete

Related Alerts

ID | Time | Alert | Severity | Status | Host
ALR-00072 | 3h ago | Rogue DHCP Server | Informational | Investigating | WS-LAP-012
ALR-00321 | 6h ago | Pass-the-Hash Detected | Informational | Open | SRV-WEB-01
ALR-00148 | 10h ago | Rogue DHCP Server | Low | Escalated | SRV-MAIL-01
ALR-00383 | 10h ago | Malware Signature Match | Medium | False Positive | SRV-WEB-01
ALR-00344 | 12h ago | Rogue DHCP Server | Informational | Escalated | WS-PC-001