My Events on my IPS sensor within my ASA5520 are primarily Sig ID 3030's. I am relatively new to the IPS/IDS Sensor end have always looked at Host Sweeps as sort of an attempt of attack. These entries almost look like normal internet traffic from users going to google, etc....
Can someone please shed some light on how to understand the logs and good vs. bad, etc.?
Attached is a PDF of the last hour of traffic.