Hello Anders,
Make sure that the SRU is on the latest version.
If you are receiving alerts like this , we need to verify the packet capture for this intrusion events.
You should collect packet download from Analysis > intrusion events > Select the respective intrusion event >Download packet .
Collect the capture and open a service request with TAC to analyze the same.
Regards
Jetsy