Very interesting video.
In my case I spend a lot of time investigating the “generic protocol command decoding” alerts.
I have noted that a lot of times they are caused by a valid reason:
- Asymmetric routes.
- Incorrect network mask on one device.
- Poorly programmed applications, not following the standards (including malware).
- Misconfigured web services or pages.
- Network card or its driver.
If you are getting many alerts from one device, I recommend investigating before suppressing or disabling rules.