SID criteria when viewing NTP attacks
Please add more criterias to the Monitors/Logs/Log Type: Network Threat Protection/Log content: Attacks Page.
A very important field is missing --> the Signature ID.
It would help a lot when inspecting IPS events.
Two additional fields that I would suggest : Signature name and Intrusion URL fields.
What is clear is that, "Event type" field is not enough. For large environments there could be thousand of Intrusion prevent events in a single day.