Potential False Positive for 2009099 being triggered by Aurora iOS app to AWS IP Addresses

I am reporting a potential False Positive for SID: 2009099 (ET P2P ThunderNetwork UDP Traffic). This rule is triggering from the My Aurora Forecast & Alerts iOS app. The traffic is directed to qt-houston.bronze.systems (72.41.9.x and 72.41.10x) on UDP port 10050. The data payloads are typically very small (~7 KB) and occur during app background refreshes.

Hi @keysox, we’ve disabled this rule while we take a look at it. Thanks for the report!