<div dir="ltr">Looking at this <a href="https://forum.ipfire.org/viewtopic.php?t=22693" style="user-select: auto;">https://forum.ipfire.org/viewtopic.php?t=22693</a> it would appear that support for eve may not be a part of the IPFire deployment. I haven't used it personally, so I am not certain how accurate this is.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 20, 2020 at 2:15 PM Christopher Wensink <<a href="mailto:cwensink@five-star-plastics.com">cwensink@five-star-plastics.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    I have swatch installed and when I search for eve.json I'm not
    finding anything.  I am using suricata.<br>
    <br>
    Am I missing something?<br>
    <div>On 4/20/2020 3:11 PM, Jason Williams
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">If you're using Suricata, there's the eve.json file
        that by default will contain everything. If you're using snort,
        it depends what outputs you have enabled. </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Mon, Apr 20, 2020 at 1:33
          PM Christopher Wensink <<a href="mailto:cwensink@five-star-plastics.com" target="_blank">cwensink@five-star-plastics.com</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div> Thanks Jason,<br>
            <br>
            I don't suppose there's a log file somewhere that would list
            out entries together?  Otherwise I'll just have to search
            fast.log and the other logs to manually line up the timing.<br>
            <br>
            Chris<br>
            <br>
            <div>On 4/20/2020 2:09 PM, Jason Williams wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="ltr">Chris,
                <div><br>
                </div>
                <div>This rule is a *default disabled* ET OPEN rule that
                  is really just a regex that looks at a bunch of
                  "porn-centric" phrases and words that would be present
                  in the content of a webpage as it is returned to a
                  client on the monitored network.</div>
                <div><br>
                </div>
                <div>If you wanted to know more about the hits, you
                  would have to investigate further into the logs that
                  may or may not be generated on your firewall to
                  observe what the URL is that is being requested and
                  make a determination on next steps. If you wanted it
                  to stop firing, it could be suppressed by disabling
                  the rule as is default in the ET OPEN ruleset.</div>
                <div><br>
                </div>
                <div>My suspicion is that these may be False Positives
                  as many of the IPs I looked at are hosting Linux
                  distribution files, but you never know until you find
                  the actual URL.</div>
                <div><br>
                </div>
                <div>Thanks,</div>
                <div><br>
                </div>
                <div>Jason</div>
              </div>
              <br>
              <div class="gmail_quote">
                <div dir="ltr" class="gmail_attr">On Mon, Apr 20, 2020
                  at 12:33 PM Christopher Wensink <<a href="mailto:cwensink@five-star-plastics.com" target="_blank">cwensink@five-star-plastics.com</a>>
                  wrote:<br>
                </div>
                <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On our Company
                  IPFire main router I am seeing entries in fast.log
                  since<br>
                  4/13 that look like this:<br>
                  <br>
                  04/13/2020-08:03:03.542262  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://128.135.235.254:80" rel="noreferrer" target="_blank">128.135.235.254:80</a>
                  -> <external-red-ip>:57834<br>
                  04/13/2020-08:03:06.605389  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://147.75.197.195:80" rel="noreferrer" target="_blank">147.75.197.195:80</a>
                  -> <external-red-ip>:54242<br>
                  04/13/2020-08:03:09.711630  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.148.30.241:80" rel="noreferrer" target="_blank">104.148.30.241:80</a>
                  -> <external-red-ip>:47376<br>
                  04/13/2020-08:03:10.915841  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://147.75.197.195:80" rel="noreferrer" target="_blank">147.75.197.195:80</a>
                  -> <external-red-ip>:54244<br>
                  04/13/2020-08:03:39.746609  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://128.153.145.19:80" rel="noreferrer" target="_blank">128.153.145.19:80</a>
                  -> <external-red-ip>:33382<br>
                  04/13/2020-08:03:41.763956  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://68.235.39.83:80" rel="noreferrer" target="_blank">68.235.39.83:80</a> ->
                  <external-red-ip>:44004<br>
                  04/13/2020-08:03:45.085779  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://173.44.32.10:80" rel="noreferrer" target="_blank">173.44.32.10:80</a> ->
                  <external-red-ip>:36346<br>
                  04/13/2020-08:03:46.315131  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.219.172.11:80" rel="noreferrer" target="_blank">104.219.172.11:80</a>
                  -> <external-red-ip>:41564<br>
                  04/13/2020-08:04:12.239150  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://198.82.152.116:80" rel="noreferrer" target="_blank">198.82.152.116:80</a>
                  -> <external-red-ip>:58932<br>
                  04/13/2020-08:04:15.114494  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://131.225.105.75:80" rel="noreferrer" target="_blank">131.225.105.75:80</a>
                  -> <external-red-ip>:47166<br>
                  04/13/2020-08:04:15.381208  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://208.85.242.118:80" rel="noreferrer" target="_blank">208.85.242.118:80</a>
                  -> <external-red-ip>:38596<br>
                  04/13/2020-08:04:16.224797  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://128.153.145.19:80" rel="noreferrer" target="_blank">128.153.145.19:80</a>
                  -> <external-red-ip>:33578<br>
                  04/13/2020-08:04:42.081758  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://131.225.105.75:80" rel="noreferrer" target="_blank">131.225.105.75:80</a>
                  -> <external-red-ip>:47204<br>
                  04/13/2020-08:04:45.278575  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://147.75.197.195:80" rel="noreferrer" target="_blank">147.75.197.195:80</a>
                  -> <external-red-ip>:54568<br>
                  04/13/2020-08:04:46.309885  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://128.153.145.19:80" rel="noreferrer" target="_blank">128.153.145.19:80</a>
                  -> <external-red-ip>:33618<br>
                  04/13/2020-08:04:46.439111  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://208.85.242.118:80" rel="noreferrer" target="_blank">208.85.242.118:80</a>
                  -> <external-red-ip>:38642<br>
                  04/13/2020-08:05:16.368282  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://208.85.242.118:80" rel="noreferrer" target="_blank">208.85.242.118:80</a>
                  -> <external-red-ip>:38670<br>
                  04/13/2020-08:05:46.156897  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://128.135.235.254:80" rel="noreferrer" target="_blank">128.135.235.254:80</a>
                  -> <external-red-ip>:58208<br>
                  04/13/2020-08:05:46.221470  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://147.75.197.195:80" rel="noreferrer" target="_blank">147.75.197.195:80</a>
                  -> <external-red-ip>:54640<br>
                  04/13/2020-08:05:46.271516  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://128.153.145.19:80" rel="noreferrer" target="_blank">128.153.145.19:80</a>
                  -> <external-red-ip>:33686<br>
                  04/13/2020-08:05:46.378775  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://208.85.242.118:80" rel="noreferrer" target="_blank">208.85.242.118:80</a>
                  -> <external-red-ip>:38710<br>
                  04/13/2020-08:06:16.188599  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://68.235.39.83:80" rel="noreferrer" target="_blank">68.235.39.83:80</a> ->
                  <external-red-ip>:44386<br>
                  04/13/2020-08:06:16.289229  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.148.30.241:80" rel="noreferrer" target="_blank">104.148.30.241:80</a>
                  -> <external-red-ip>:47918<br>
                  04/13/2020-08:06:16.359338  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://173.44.32.10:80" rel="noreferrer" target="_blank">173.44.32.10:80</a> ->
                  <external-red-ip>:36728<br>
                  04/13/2020-08:06:16.392580  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.219.172.11:80" rel="noreferrer" target="_blank">104.219.172.11:80</a>
                  -> <external-red-ip>:41940<br>
                  04/13/2020-08:06:46.298890  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://198.82.152.116:80" rel="noreferrer" target="_blank">198.82.152.116:80</a>
                  -> <external-red-ip>:59288<br>
                  04/13/2020-08:06:46.360797  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://173.44.32.10:80" rel="noreferrer" target="_blank">173.44.32.10:80</a> ->
                  <external-red-ip>:36788<br>
                  04/13/2020-08:06:46.393006  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://131.225.105.75:80" rel="noreferrer" target="_blank">131.225.105.75:80</a>
                  -> <external-red-ip>:47520<br>
                  04/13/2020-08:07:16.199580  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://68.235.39.83:80" rel="noreferrer" target="_blank">68.235.39.83:80</a> ->
                  <external-red-ip>:44510<br>
                  04/13/2020-08:07:16.207134  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://128.135.235.254:80" rel="noreferrer" target="_blank">128.135.235.254:80</a>
                  -> <external-red-ip>:58508<br>
                  04/13/2020-08:07:16.300833  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://198.82.152.116:80" rel="noreferrer" target="_blank">198.82.152.116:80</a>
                  -> <external-red-ip>:59354<br>
                  04/13/2020-08:07:16.316368  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.148.30.241:80" rel="noreferrer" target="_blank">104.148.30.241:80</a>
                  -> <external-red-ip>:48046<br>
                  04/13/2020-08:07:46.222333  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://131.225.105.75:80" rel="noreferrer" target="_blank">131.225.105.75:80</a>
                  -> <external-red-ip>:47622<br>
                  04/13/2020-08:07:46.403786  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.219.172.11:80" rel="noreferrer" target="_blank">104.219.172.11:80</a>
                  -> <external-red-ip>:42106<br>
                  04/13/2020-08:08:16.214535  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://68.235.39.83:80" rel="noreferrer" target="_blank">68.235.39.83:80</a> ->
                  <external-red-ip>:44578<br>
                  04/13/2020-08:08:16.283075  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://128.135.235.254:80" rel="noreferrer" target="_blank">128.135.235.254:80</a>
                  -> <external-red-ip>:58578<br>
                  04/13/2020-08:08:16.389031  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://173.44.32.10:80" rel="noreferrer" target="_blank">173.44.32.10:80</a> ->
                  <external-red-ip>:36922<br>
                  04/13/2020-08:08:16.413706  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.219.172.11:80" rel="noreferrer" target="_blank">104.219.172.11:80</a>
                  -> <external-red-ip>:42134<br>
                  04/13/2020-08:08:46.530418  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://198.82.152.116:80" rel="noreferrer" target="_blank">198.82.152.116:80</a>
                  -> <external-red-ip>:59724<br>
                  04/13/2020-08:08:46.539093  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.148.30.241:80" rel="noreferrer" target="_blank">104.148.30.241:80</a>
                  -> <external-red-ip>:48416<br>
                  04/13/2020-08:36:58.061164  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://64.250.112.70:80" rel="noreferrer" target="_blank">64.250.112.70:80</a> ->
                  <external-red-ip>:46694<br>
                  <br>
                  There are hundreds of entries.  I'm not clear on the
                  structure of the<br>
                  rule if this is an attack from the outside IP, like a
                  DDoS attack or if<br>
                  this is someone surfing porn on the LAN.<br>
                  <br>
                  I need some assistance on how I can tell, what log
                  files to look at, and<br>
                  to know for sure if this is a security issue, someone
                  looking at porn or<br>
                  a false positive.  The IP address varies for a number
                  of requests<br>
                  starting on 4/13 at 8:03:03 AM, then on 4/14 nearly
                  every entry goes to<br>
                  one specific IP:<br>
                  <br>
                  04/14/2020-08:25:20.419891  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://204.99.128.20:80" rel="noreferrer" target="_blank">204.99.128.20:80</a> ->
                  <external-red-ip>:33796<br>
                  04/14/2020-08:25:20.494696  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://104.251.122.5:80" rel="noreferrer" target="_blank">104.251.122.5:80</a> ->
                  <external-red-ip>:32924<br>
                  04/14/2020-08:25:25.979955  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://72.5.72.15:80" rel="noreferrer" target="_blank">72.5.72.15:80</a> ->
                  <external-red-ip>:58870<br>
                  04/14/2020-08:25:50.411166  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://65.19.65.9:80" rel="noreferrer" target="_blank">65.19.65.9:80</a> ->
                  <external-red-ip>:51840<br>
                  04/14/2020-08:38:57.554765  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://192.229.210.142:80" rel="noreferrer" target="_blank">192.229.210.142:80</a>
                  -> <external-red-ip>:55564<br>
                  04/14/2020-08:39:17.119673  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://192.229.210.142:80" rel="noreferrer" target="_blank">192.229.210.142:80</a>
                  -> <external-red-ip>:55618<br>
                  04/14/2020-08:54:33.299196  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://192.229.210.142:80" rel="noreferrer" target="_blank">192.229.210.142:80</a>
                  -> <external-red-ip>:56122<br>
                  04/14/2020-09:09:53.058708  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://192.229.210.142:80" rel="noreferrer" target="_blank">192.229.210.142:80</a>
                  -> <external-red-ip>:56582<br>
                  04/14/2020-09:54:33.724276  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://192.229.210.142:80" rel="noreferrer" target="_blank">192.229.210.142:80</a>
                  -> <external-red-ip>:59182<br>
                  04/14/2020-10:10:09.686239  [Drop] [**] [1:2001608:9]
                  ET INAPPROPRIATE<br>
                  Likely Porn [**] [Classification: Potential Corporate
                  Privacy Violation]<br>
                  [Priority: 1] {TCP} <a href="http://192.229.210.142:80" rel="noreferrer" target="_blank">192.229.210.142:80</a>
                  -> <external-red-ip>:60316<br>
                  <br>
                  As an IT department of 1 I do not spend much time
                  diving into these<br>
                  rules so I am inexperienced in this area, with too
                  much responsibility<br>
                  and not enough time.<br>
                  <br>
                  What is the best way to proceed?<br>
                  <br>
                  Chris<br>
                  _______________________________________________<br>
                  Emerging-updates mailing list<br>
                  <a href="mailto:Emerging-updates@lists.emergingthreats.net" target="_blank">Emerging-updates@lists.emergingthreats.net</a><br>
                  <a href="https://lists.emergingthreats.net/mailman/listinfo/emerging-updates" rel="noreferrer" target="_blank">https://lists.emergingthreats.net/mailman/listinfo/emerging-updates</a><br>
                </blockquote>
              </div>
            </blockquote>
            <br>
            <pre cols="72">-- 
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive 
Eau Claire, WI 54701
Office:  715-831-1682
Mobile:  715-563-3112
Fax:  715-831-6075
<a href="mailto:cwensink@five-star-plastics.com" target="_blank">cwensink@five-star-plastics.com</a>
<a href="http://www.five-star-plastics.com" target="_blank">www.five-star-plastics.com</a></pre>
          </div>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </div>

</blockquote></div>
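<div dir="ltr">Added example (not part of the original thread, and not IPFire or Suricata project code): where eve.json is not available, fast.log entries in the layout quoted above can be parsed and grouped by remote server, giving a time window per server to look up in other logs. The sample lines are constructed with documentation addresses, each alert is assumed to sit on a single line as in the real file, and the port-based direction label is a heuristic assumption.</div>

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout of one fast.log alert, as quoted in the thread (one alert per line).
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:\[(?P<action>\w+)\]\s+)?"  # action tag such as [Drop]; optional
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)
WEB_PORTS = {80}  # assumption: only plain HTTP, as in the quoted alerts


def parse_line(line):
    """Return one alert as a dict, or None if the line is not a fast.log alert."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    for key in ("gid", "sid", "rev", "priority", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def direction(rec):
    """Heuristic label from the port pattern of the flagged packet."""
    if rec["sport"] in WEB_PORTS and rec["dport"] >= 1024:
        return "response-to-client"   # web server replying to a high client port
    if rec["dport"] in WEB_PORTS:
        return "request-to-server"    # traffic toward a listening web port
    return "unknown"


def summarize(lines, sid, slack=timedelta(seconds=5)):
    """Group alerts for one SID by remote server; add a search window per group."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["sid"] != sid:
            continue
        rec["direction"] = direction(rec)
        is_reply = rec["direction"] == "response-to-client"
        rec["remote"] = rec["src"] if is_reply else rec["dst"]
        rec["client_port"] = rec["dport"] if is_reply else rec["sport"]
        groups[rec["remote"]].append(rec)
    report = []
    for remote, recs in groups.items():
        times = [r["ts"] for r in recs]
        report.append({
            "remote": remote,
            "hits": len(recs),
            "directions": sorted({r["direction"] for r in recs}),
            "client_ports": sorted({r["client_port"] for r in recs}),
            "search_from": min(times) - slack,  # window to look up in other logs
            "search_to": max(times) + slack,
        })
    return sorted(report, key=lambda row: (-row["hits"], row["remote"]))


# Constructed sample input (documentation addresses, not data from the thread).
TEMPLATE = ("{ts}  [Drop] [**] [1:2001608:9] ET INAPPROPRIATE Likely Porn [**] "
            "[Classification: Potential Corporate Privacy Violation] "
            "[Priority: 1] {{TCP}} {src} -> {dst}")
SAMPLE = [
    TEMPLATE.format(ts="04/13/2020-08:03:03.542262", src="192.0.2.10:80", dst="203.0.113.5:57834"),
    TEMPLATE.format(ts="04/13/2020-08:03:06.605389", src="198.51.100.7:80", dst="203.0.113.5:54242"),
    TEMPLATE.format(ts="04/13/2020-08:03:10.915841", src="198.51.100.7:80", dst="203.0.113.5:54244"),
    "04/13/2020-08:04:00.000001  [**] [1:1000001:1] CONSTRUCTED LOCAL RULE [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.5:40000 -> 192.0.2.10:80",
    "this line is not an alert",
]

if __name__ == "__main__":
    for row in summarize(SAMPLE, sid=2001608):
        print(f'{row["remote"]:<16} hits={row["hits"]} {row["directions"]} '
              f'ports={row["client_ports"]} '
              f'search {row["search_from"]:%m/%d %H:%M:%S} .. {row["search_to"]:%m/%d %H:%M:%S}')
```

To run it on a real log, pass the open file object in place of SAMPLE; the per-server window and client ports are the values to search for in whatever proxy or connection logs the firewall keeps.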