The report name is HIP_Top_NIPS_by_SourceIP and then it lists system name, Threat Target IPv4 Address, Operating System, Threat Name, Threat Severity and Threat Source IPv4 Address. In Threat Name it has numbers like 2231 and 3700.Message was edited by: vhunter on 3/22/12 3:54:04 PM CDT
That report's name is "HIP: Top 10 NIPS By Source IP" and this post relates to Host Intrusion Prevention, which you did not specify.
This thread has been moved to the Business section, Endpoint Security / Host Intrusion Prevention.
3700 - TCP Port Scan
This event indicates that a TCP port scan was detected.
2231 - Vulnerability in SMB Could Allow Remote Code Execution
(This signature requires HIP version 7.0 patch 6 or later.) This vulnerability only exists in Windows Vista and Windows 2008. This event indicates an attempt to exploit a SMB vulnerability in the Windows srv2.sys that could allow remote attackers to execute arbitrary code at the local system. This event is triggered when a suspicious SMB message is received.