cgarwood/homeassistant-fullykiosk

IPS/IDS alerts - false positives?

shred86 opened this issue · 1 comment

Lately I’ve been receiving an IPS/IDS alert from my firewall (Sophos XG) with a source IP address of Home Assistant and a destination IP address of my two Amazon Fire Tablets that I have wall mounted. They’re running Fully Kiosk with this homeassistant-fullykiosk custom component setup in HA, so my first thought was maybe the alerts are being caused by this custom component since it’s the only thing that should be communicating with the tablets. I’m assuming they’re false positives but just trying to get a better idea of what might be causing it. Here’s a log entry from my firewall:

2022-02-11 05:16:55 IPS messageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="13" fw_rule_id="19" fw_rule_name="redacted" fw_rule_section="Local rule" user="" sig_id="9000310" message="BROWSER-IE Microsoft Edge CVE-2016-3386 Spread Operator Memory Corruption Attempt" classification="Attempted User Privilege Gain" rule_priority="2" src_ip="home assistant" src_country="R1" dst_ip="amazon tablets" dst_country="R1" protocol="TCP" src_port="8123" dst_port="49496" OS="Windows" category="browser-ie" victim="Client"

Any ideas what might be causing these alerts?

Shouldn't be anything within the component causing it, especially since the log lines list Windows as the OS.
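One way to read the quoted log line by flow direction, as an added triage example that is not part of the issue thread: the source port 8123 paired with an ephemeral destination port marks the dropped packet as a reply from the Home Assistant web frontend to a browser on the tablet, so the signature matched served web content rather than a connection the integration opened toward the tablet. Treating 8123 as HA's default frontend port and 32768 as the Android ephemeral-port floor are assumptions; the IPs are placeholders.

```python
"""Direction-aware triage of a Sophos XG IPS event (added example, not from the issue).
Assumptions: fields are key="value" after the timestamp; Home Assistant serves its
frontend on TCP 8123 (default); Android clients use ephemeral source ports >= 32768.
"""
import re
from typing import Dict

# Constructed sample modelled on the log line in the issue; IPs are placeholders.
SAMPLE = (
    '2022-02-11 05:16:55 IPS messageid="07002" log_type="IDP" log_component="Signatures" '
    'log_subtype="Drop" sig_id="9000310" message="BROWSER-IE Microsoft Edge CVE-2016-3386 '
    'Spread Operator Memory Corruption Attempt" classification="Attempted User Privilege Gain" '
    'src_ip="192.0.2.10" dst_ip="192.0.2.20" protocol="TCP" src_port="8123" dst_port="49496" '
    'OS="Windows" category="browser-ie" victim="Client"'
)

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
HA_PORT = 8123         # Home Assistant frontend/API port (assumed default install)
EPHEMERAL_MIN = 32768  # lowest client-side ephemeral port on Linux/Android


def parse_sophos_line(line: str) -> Dict[str, str]:
    """Return the key="value" fields of one Sophos XG log line as a dict."""
    return dict(FIELD_RE.findall(line))


def triage(fields: Dict[str, str]) -> Dict[str, object]:
    """Decide which side initiated the flagged flow and what the IPS inspected."""
    src_port, dst_port = int(fields["src_port"]), int(fields["dst_port"])
    # Low source port + ephemeral destination port: the dropped packet is a
    # server reply inside a connection that the *destination* host opened.
    server_reply = src_port < EPHEMERAL_MIN <= dst_port
    ha_frontend = src_port == HA_PORT
    browser_sig = fields.get("category", "").startswith("browser-")
    if server_reply and ha_frontend and browser_sig:
        verdict = ("HA frontend response to a browser on the tablet matched a browser "
                   "content signature; not traffic the integration sent to the tablet")
    elif server_reply:
        verdict = "server reply from src_ip; check which service listens on src_port"
    else:
        verdict = "connection initiated by src_ip; review what on src_ip connects out"
    return {"initiator": fields["dst_ip"] if server_reply else fields["src_ip"],
            "server_reply": server_reply, "ha_frontend": ha_frontend,
            "browser_signature": browser_sig, "verdict": verdict}


if __name__ == "__main__":
    print(triage(parse_sophos_line(SAMPLE)))
```

The verdict is a heuristic to direct follow-up (which listener on the source port, what the tablet's browser fetched), not a substitute for reviewing the signature against a capture of the flow.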