I been grinding my gear for the last couple of days in regards to IDS snort rule causing maybe a false positive.
IDS rule went out Mar 31 18.104.22.168, which started alerting us of varies port scan going on in our internal network across all computers. We couldn't identify the culprit other then IDS was picking on maybe Dropbox lan sync. This was only happening at our 3 Main hubs which are mx100s and 84s. There has been an update to snort rule that was pushed out this afternoon.This has calmed things down.
For the IDS support or question, do we go thru meraki or SNORT.org, talos for further information on these rules, patch notes.