Rules blocking my IP

Hello guys, so I have Suricata running on my network, in IDS mode, when he captures something he sends me an email informing me. Now I just received an IP blocking email, but my public External IP, the company’s IP, was blocked by the following rule.

The signature ID is [1: 2029107: 5] Et Hunting Suspicious TLS SNI Request for Possible COVID-19 Domain M1 event timestamp …

Can anyone tell me what could generate this?

Take a look at the alert your eve.json log file. It will most likely contain more contextual information.