Hello guys, so I have Suricata running on my network in IDS mode; when it captures something, it sends me an email informing me. Now I just received an IP blocking email, but my public external IP, the company’s IP, was blocked by the following rule.
The signature ID is [1:2029107:5] ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1 event timestamp …
Can anyone tell me what could generate this?