If I am receiving way too many IPS alerts , does that indicate that traffic passed through the Location Block + firewall or IP blocklist?
I used to get a very few IPS alerts before switching to core update 198.
Since the upgrade I am getting 7000-9000 alerts daily and don’t know why.
The new Reporting is amazing, I just can’t handle so many alerts.
I already disabled “Priority 3” allerts, so those are not an issue.
Since the 198 upgrade I have been getting thousands of Priority 2 from “ET CINS Active Threat Intelligence Poor Reputation IP group” and similar .
There is an obvious reason for IPS alerts but I have no firewall rules with allowed incoming traffic and Location block is set to CHECK ALL and CHECK for “Incoming traffic will be blocked”
If this malicious traffic is being noticed by IPS, does it mean it passed through the Location Block + firewall or IP blocklist? My IP blocklist is has all checked as well including CIARMY.