Because users will often have their own VPN services that they leave turned on for their personal devices used for work (phone, WFH using personal computer) we get a lot of tickets for VPN use. We do not want to have to confirm with the client every single time a new VPN pops up, but we also do not want to dismiss an escalation just for it to come up again next time they sign in. We also do not want to whitelist VPNs in case they are potentially used in a compromise, which would cause the initial signal to have its priority lowered for triage.

Can we have an option to disable VPN login alerting for tickets and/or an option to merge VPN alerting with incident reports so that when a VPN login is associated with an incident, it is bundled together instead of separately?