Hello,
I've been tasked with finding out why the emails reporting attempted intrusions state "Targeted Port Number 0" when intrusion attempts are made on port 80. eg:
Intrusion Name
Attack: an intrusion attempt was blocked.
Targeted Application
Targeted IP
x.x.x.x
Targeted Port Number
0
Targeted Host Name
Status
Blocked
When I pull up the logs, the request went to something like, "http://x.x.x.x/cgi-bin/somepage.php?%20%20%20..." etc. The request was clearly made to port 80, but the email is not reporting this correctly. Is there a plan to fix this?