Interactive Demo — Simulated data only. Back to SOC in a Box
SOC365 Dashboard
Acme Legal Services Ltd Live 19:50:10 UTC

Rogue DHCP Server

Medium Investigating
ALR-00481 · 2026-07-05T01:59:02Z

Description

Rogue DHCP server detected on VLAN 10 from SRV-APP-01. Offering IPs in unexpected range. Endpoint Agent quarantined the device.

Alert Metadata

Alert ID
ALR-00481
Timestamp
2026-07-05T01:59:02Z
Severity
Medium
Status
Investigating
Detection Source
Endpoint Agent
Assigned Analyst
Anika Patel

Endpoint Information

Hostname
SRV-APP-01
User Account
f.hall
Source IP
185.203.220.91
Destination IP
10.3.164.162
Origin Country
IN India

MITRE ATT&CK Mapping

Tactic
Discovery
Technique
T1557.003
Reference
attack.mitre.org/techniques/T1557.003

Investigation Timeline

01:59:02 Event ingested by SOC365 Engine
01:59:07 EmilyAI triage started — correlation enrichment
01:59:12 EmilyAI confidence: 86% — escalated to human analyst
01:59:19 Alert assigned to analyst: Anika Patel
02:01:00 Investigation started — querying SIEM and threat intelligence

Related Alerts

ID Time Alert Severity Status Host
ALR-00109 2h ago Rogue DHCP Server Medium Investigating SRV-DC-01
ALR-00224 2h ago Lateral Movement Detected Low Investigating SRV-APP-01
ALR-00483 10h ago Unauthorised USB Device High Investigating SRV-APP-01
ALR-00129 11h ago Rogue DHCP Server Low Resolved WS-LAP-012
ALR-00410 13h ago Rogue DHCP Server Informational Escalated VM-DEV-01