|1. Check the origin and the destination of the traffic like internal to external, internal to internal
|2. For alerts originated from internal to external or external to internal check spam database.
|3. If Ips are found in spam database report to application owner and take necessary action either to block or whitelist.