I need a solution
Platform is Windows Server 2012
Every couple of days I receive the following email regarding a high-risk intrusion. This is not external facing. I'm not sure if it's a valid attempt/block or if it's a Windows update or Symantec update thing. It's always the same IP address. Any help would be appreciated. Thank you
A high-risk intrusion was detected on SERVER.XXX.local within group Default Group on 4/13/2015 1:38:59 AM.
Intrusion Name
Attack: an intrusion attempt was blocked.
Attack: an intrusion attempt was blocked.
Targeted Application
Targeted IP
192.168.1.5
192.168.1.5
Targeted Port Number
0
0
Targeted Host Name
Status
Blocked
Blocked
