Hi! We have a separate team that handles Purview incidents - and they seem to be creating thousands of alerts (i.e., one for each file). When we enable Unified SOC with XDR, all those thousands of alerts come into Sentinel incidents, and also get correlated to other alerts, and even get correlated into "multistage incidents" with themselves. We'd love a way to not have correlation view Purview/DLP alerts, or add exclusions. Is there a way to do this? Feel free to reach out to me on the Customer CCP as well :)
@saus660 a month ago
Things I hate: 1. The use of the word Demystifying in presentations 2. Misuse of the word Depreciation