Hello,
FTD's 2110 running 7.4.2.
Under intrusion events dashboard some of my top attackers are my DC's that run DHCP and DNS. I'm trying to understand why Cisco is classifying what looks like normal DNS traffic as a port scan saying the client was using an unusual port. False positive or am I missing something?
Thanks in advance.
