We are receiving ATP alerts because our machines are trying to access Windows Update at 209.197.3.8. They've been hitting that IP for months, but the alerts just started.
Is this a false positive?
Talos Reputation information
OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SSD HDD | ATT Fiber 1GB (Former Sophos UTM Veteran, Former XG Rookie)