What is the report that you are referring to?
Could you pls elabrate your queries
Details/Version of the product ?
OS details ?
The report name is HIP_Top_NIPS_by_SourceIP and then it lists system name, Threat Target IPv4 Address, Operating System, Threat Name, Threat Severity and Threat Source IPv4 Address. In Threat Name it has numbers like 2231 and 3700.
That report's name is "HIP: Top 10 NIPS By Source IP" and this post relates to Host Intrusion Prevention, which you did not specify.
This thread has been moved to the Business section, Endpoint Security / Host Intrusion Prevention.
3700 - TCP Port Scan
This event indicates that a TCP port scan was detected.
2231 - Vulnerability in SMB Could Allow Remote Code Execution
(This signature requires HIP version 7.0 patch 6 or later.) This vulnerability only exists in Windows Vista and Windows 2008. This event indicates an attempt to exploit a SMB vulnerability in the Windows srv2.sys that could allow remote attackers to execute arbitrary code at the local system. This event is triggered when a suspicious SMB message is received.
Threat Name is the Host IPS Signature number. You can find the default signatures by reviewing an IPS Rules policy.