False Positive - RPC (Remote Procedure Call) to the Internet (Kuery)

There is a built-in detection rule watching for TCP traffic on port 135 to the Internet.

network.transport: tcp and destination.port: 135 and (network.direction: outbound or (source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip: (10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)))

However, this rule has triggered with traffic from local source IP 192.168.1.4 to destination 192.168.1.125 on port 135.

Thanks,
Gary

I answered my own question.

Thanks for finding it and posting the solution to your own thread. Appreciate it!