DHCP
| Windows DHCP | |
|---|---|
| Description |
The Windows DHCP dashboard shows information that has been renewed, DHCP events and failed/succesful DNS updates. |
| Log Source | Windows DHCP |
| Value |
The DHCP log is necessary to determine which devices has had a given IP adress at a certain time frame. |
| Rationale | While there is no direct MITRE ATT&CK mapping, this dashboard provides essential visibility into device-IP assignments and DNS update events. This is critical for incident response and forensic investigations, especially for identifying compromised devices. It supports NIST 800-53 AU-12 (Audit Generation), CM-8 (System Component Inventory), ISO 27001 A.12.4.1 (Event Logging), and CIS Control 1.1 (Inventory of Devices). |
|
Widgets / Use cases |
1. DHCP Renewed - List 2. Top 10 Lease Address in Renewed DHCP 3. Top 10 Lease Address in Denied Lease 4. DHCP Lease Denied - List 5. DNS Update Successful - List 6. DNS Update Failed - List 7. Top 10 Hosts in Successful DNS Update 8. Top 10 Hosts in Failed DNS Update 9. DHCP Event Timetrend |
| Comments | |
| Type | Dashboard |
| MITRE ATT&CK | None |
