More Granular Control of Unwanted Access VPN Alerts
Virgil'la Nicolas'la
Since enabling the 'VPNs Unauthorized by Default' feature, all VPN usage now generates Critical level incidents, which automatically trigger phone alerts 24/7, including a recent 2 AM call. While I want to detect and prevent unauthorized VPN usage, the Critical severity level creates unnecessary after-hours disruptions for routine violations.
I'd like to request a severity level of High for unauthorized VPN incidents, one that generates tickets for business-hours investigation without triggering phone calls unless accompanied by additional suspicious activity. I'm happy to receive urgent calls for genuine security threats, but 2 AM notifications for a colleague's forgotten Proton VPN connection seem excessive.
Could you consider adding the ability to select the severity option for default VPN detections or allowing custom severity rules for different incident types?
John Krikke
And get rid of the retroactive alert that triggers once you mark the VPN use as 'not allowed' - it then goes and picks up the old incident and retriggers.