1. Check the origin and the destination of the traffic like internal to external, internal to internal |
2. For alerts originated from internal to external or external to internal check spam database. |
3. If Ips are found in spam database report to application owner and take necessary action either to block or whitelist. |