Good afternoon!
I found another possible alert with the wrong status when we finalized it:
Could you help me? I think it is wrong because the user is trying to access a malicious file via URL.
EventID: 28
Event Time: Oct, 29, 2020, 07:34 PM
Rule: SOC105 - Requested T.I. URL address