Hi Lothar,
As HTTPS is encrypted I can't see anyway of this being monitored unless DLP was provided the key for each connection, could you provide a screenshot example of the incidents being raised?
This sounds more like a policy is triggering something incorrectly; for example reporting on encrypted traffic which would create an incident for every HTTPS request leaving the network,
Thanks