Hello all, need some advice! I'm getting ready to go through a SOC 1&2 audit and need to show were pulling and alerts on certain logs/event on specific nodes. I currently have 60 nodes in SEM but only 20 are in scope so Id like to be able to build rules and email alerts on that specific 20 for the audit, is there a good way to do this? Thanks much!