I keep getting alerts for attacks/scans/etc that were blocked, but have no idea the souce. Keep seeing the same ones, thinking they come from the same place so I was going to add a firewall rule to block the IP or maybe the range.
This doesn’t help, I don’t see anything on the client itself, and I don’t see anythign in the portal (or I’m looking in the wrong place).
A high-risk intrusion was detected on SERVER2.domain.local within group Default Group on 3/31/2018 9:28:29 AM.
Web Attack: Malicious Scan Request
Targeted Port Number
Targeted Host Name