DLP Response rules
We have SMTP response rules set up, but do NOT want to receive email notifications on incoming emails that contain flagged content. We are only concerned about outbound violations of policies. There are ways to filter incidents by IP address when looking at the Incident view. I don't see anything similar in the Response Rules, only the Protocol or Endpoint Destination condition, only by SMTP.
Is there a way to get an email notification ONLY on outbound incidents or base it off of IP address?