I am testing Azure Sentinel. I have a data connector,windows firewall.The windows firewall agent is on a window machine. I scanned windows machine with nmap. I get logs from firewall and show in sentinel. But no incident. I think it is not enough to be a incident. What can I do to get one incident? How can I make attack to get so?