Unwanted Access presently only gives you the response choices of Expected or Unexpected. Expected adds the VPN to the allow list, and you have a choice of at the user level or at the organization level. Unexpected triggers a critical incident and blocks the user's sign-in which is overkill if you just want the Huntress alert to go away. The easy use case that comes to mind is at our MSP specifically, where our users frequently support and test out many VPN solutions that our customers use. I don't want to allow these solutions org-wide or even at the user level because outside of specific times these actions are completely unexpected, and we should be alerted on each event. Please help!