I'm running my IDSM in promiscuous mode and creating event action filters to filter benign events. I'm seeing quite a few events (several different signatures) with a target IP address of 0.0.0.0. An example is:
signature: description=TCP Drop - RST or SYN in Window id=1330
target: addr: 0.0.0.0 locality=OUT port: 0
Can anyone tell me the meaning of this?