Have a bit of a strange situation. Have a workstation that one day started causing some intrusion prevention alerts to be sent to the admin. Not a huge deal, SEPSBE handled it, but then when we went to that machine and looked at its history of events, there was no record of the event in Resolved Security Risk. Is there some other place I should look for this event on the local workstation?
A high-risk intrusion was detected on GREGDDESKTOP.(deleted for security reasons).local within group Default Group on 9/20/2017 12:54:21 PM.
IPS Alert Name: Web Attack: Malicious Redirection 37
Status: Blocked
Attack Signature: N/A
Targeted Application: N/A
Targeted IP: 192.168.55.118
Targeted Port Number: 60988
Targeted Host Name: GREGDDESKTOP