Hello,
Is there a SID referenced?
For example: [SID: 20386] MS RPCSS Attack (2) detected. Traffic has been blocked from this application: C:\WINDOWS\system32\svchost.exe
You can then use it to look up what signature is being tripped. To do this, log in to SEPM and go to Policies ---> under View Policies, select your Intrusion Prevention policy and double-click it. Select Exceptions ---> Click Add and from here you will see all the current signatures. You should be able to locate the correct SID and find out more about what is going on.
You can check the logs. Go to Monitors ---> Logs ---> Network Threat Protection for the log type and Attacks for the log content. You can search by the computer name / IP by going into the Advanced Settings to get more granular.
You can also turn these notifications off so users don't see them. Go to Clients ---> Policies tab ---> click the "+" next to Location-specific Settings to expand and select Tasks ---> Edit Settings ---> select Customize for whatever control you have it set to and uncheck Display Intrusion Prevention notifications.
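Added example, not part of the original reply: a small Python triage helper that pulls the SID, signature name and blocked application out of notification text shaped like the sample above, and counts repeats so you know which SID to look up first. It assumes the messages have been copied into a list one per line; the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Matches the notification shape quoted in the post:
# "[SID: <n>] <signature> detected. Traffic has been blocked from this application: <path>"
NOTICE_RE = re.compile(
    r"\[SID:\s*(?P<sid>\d+)\]\s*(?P<signature>.+?)\s+detected\."
    r"(?:\s*Traffic has been blocked from this application:\s*(?P<app>.+))?"
)

def parse_notice(line):
    """Return sid/signature/app for one message, or None if no SID is referenced."""
    m = NOTICE_RE.search(line)
    if m is None:
        return None
    app = m.group("app")
    return {
        "sid": int(m.group("sid")),
        "signature": m.group("signature").strip(),
        "app": app.strip() if app else None,
    }

def summarize(lines):
    """Count messages per (sid, signature, app); keep lines with no SID separately."""
    counts = Counter()
    no_sid = []
    for line in lines:
        rec = parse_notice(line)
        if rec is None:
            no_sid.append(line)
        else:
            counts[(rec["sid"], rec["signature"], rec["app"])] += 1
    return counts.most_common(), no_sid

# First line is the sample from the post; the rest are constructed for illustration.
SAMPLE = [
    r"[SID: 20386] MS RPCSS Attack (2) detected. Traffic has been blocked from this application: C:\WINDOWS\system32\svchost.exe",
    r"[SID: 20386] MS RPCSS Attack (2) detected. Traffic has been blocked from this application: C:\WINDOWS\system32\svchost.exe",
    r"[SID: 99999] Constructed Example Signature detected.",
    r"Traffic has been blocked from this application: C:\example\app.exe",
]

if __name__ == "__main__":
    by_sid, no_sid = summarize(SAMPLE)
    for (sid, signature, app), n in by_sid:
        print(f"SID {sid}  x{n}  {signature}  app={app}")
    for line in no_sid:
        print(f"no SID referenced: {line}")
```

Lines reported as having no SID referenced are the ones to chase through Monitors ---> Logs instead, since there is no signature number to look up in the policy.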