Getting an offense triggered for excessive firewall denies. So far, so normal:
The problem is the Offense Source summary, which lists a Username, which throws us off, as we cannot find a single event linking the Source (IP) With this username. (the listed user does not understand why his username is listed, the Source is an Ipad, which are not logged on With normal usernames)
By what criteria is this Field (Offense Source summary - > username populated?