Hi @Falcon IT Services ,
From your screenshot, the Exchange Front End Transport service is receiving e-mail messages.
By default, the default Receive connector named Default Frontend <ServerName> in the Front End Transport service enables protocol logging.
And one SMTP conversation that represents receiving a single email message generates multiple SMTP events. Each event is recorded on a separate line in the protocol log
You mean you don't want to receive emails from WAN IPs? If so, it is always recommended to blacklist it to block it.
Reference article: protocol-logging