I am experiencing the exact same issues with CentOS 7.Cisco AnyConnect Secure Mobility Client version 4.6.00362 (Linux Package) CentOS Linux release 7.5.1804 (Core)Linux 3.10.0-862.3.2.el7.x86_64 #1 SMP Mon May 21 23:36:36 UTC 2018 x86_64 x86_64 x86_...

We're seeing the same thing. The traffic that is triggering the alerts are web requests sent to various advertisement sites. The uri's seem to match the pattern in the signature, although they look non-malicious.