The LCE has detected continuous intrusion activity from a host.
The Log Correlation Engine has detected an IP address that has been the source of IDS events continuously for more than 20 minutes in a row. If the attacker is outside of your network, this could indicate a probe. If the IP address is inside your network, this could indicate a compromised host. In either case, you should look at all available logs and events concerning this IP address.