There is a gatekeeper process in place for rule tuning to justify any additional filter I have to know why such events are being created. At the moment I am not clear why so many benign events are creating alerts when other benign registration events are not.