Might be a good idea also to look at how you're configuring the EDM policy, as it may be too broad. If you're looking for something like name+phone number or something like that, that's going to be way too broad and capture too much of what you're not looking for. Try adding more fields to the detection rule, or increase the number of detections that are required for an incident.
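Added example, not part of the original reply and not any DLP product's own matching code: a simplified model of exact data matching that shows why a name+phone rule fires on ordinary mail, and how requiring more fields per row or more matched rows per incident removes the false positive while a bulk export is still caught. The records, messages, function names and thresholds are all constructed for illustration.

```python
import hashlib
import re

# Constructed sample rows standing in for the protected data source.
ROWS = [
    {"name": "alice moreno", "phone": "555-0101", "ssn": "900-00-0001", "account": "ac-48213"},
    {"name": "brian okafor", "phone": "555-0102", "ssn": "900-00-0002", "account": "ac-48214"},
    {"name": "chen wei", "phone": "555-0103", "ssn": "900-00-0003", "account": "ac-48215"},
]
ALL_FIELDS = ("name", "phone", "ssn", "account")

def hash_cell(value):
    # The index holds hashes of normalized cell values, never cleartext.
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()

INDEX = [{f: hash_cell(v) for f, v in row.items()} for row in ROWS]

def matched_rows(text, fields, min_fields, index=INDEX):
    """Number of indexed rows with at least min_fields of `fields` present in text."""
    words = re.findall(r"[a-z0-9-]+", text.lower())
    # Candidate values: single tokens plus two-word windows (for full names).
    grams = set(words) | {" ".join(pair) for pair in zip(words, words[1:])}
    seen = {hash_cell(g) for g in grams}
    return sum(1 for row in index if sum(row[f] in seen for f in fields) >= min_fields)

def is_incident(text, fields, min_fields, min_matches):
    """Raise an incident only when enough distinct rows match."""
    return matched_rows(text, fields, min_fields) >= min_matches

# Constructed messages: a benign signature and a bulk export of the data source.
SIGNATURE = "Thanks for the call. Alice Moreno, direct line 555-0101"
EXPORT = "\n".join(" ".join(row.values()) for row in ROWS)

if __name__ == "__main__":
    for label, text in (("signature", SIGNATURE), ("export", EXPORT)):
        print(label,
              "| name+phone, 1 match:", is_incident(text, ("name", "phone"), 2, 1),
              "| 3 of 4 fields, 1 match:", is_incident(text, ALL_FIELDS, 3, 1),
              "| name+phone, 2 matches:", is_incident(text, ("name", "phone"), 2, 2))
```

Only the name+phone rule with a single required match flags the signature; either tightening suppresses it, and the export trips all three settings.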