We would like the ability to separate escalation points for EDR and ITDR. We want to be notified(and woken up) if there is a full blown ransomware attack in the middle of the night, but if Jane Doe's O365 account gets compromised and Huntress locks the account down, that could wait until morning. Both are critical events as listed in the existing configurations.