Creating a Suspicious Activity Monitoring (SAM) rule to block the traffic is the best immediate action when suspicious activity is detected in the network. SAM rules are specifically designed to quickly respond to and mitigate ongoing suspicious activities. Unlike policy rules, SAM rules are dynamic and can be adjusted or removed once the threat has been fully identified and addressed, allowing for more agile and effective threat response.