Indicates that traffic from originating from the
attackers address and destined for the destination
service port identified in the alert would have been
denied as a result of the alert if the intrusion
prevention system was operating in inline mode.
However, this action was not actually taken because
the intrusion prevention system was operating in
promiscuous mode. This element may be omitted if
and only if its value is false.