Attacker Technique - RC4/DES TGT(Proxiable)+ST Kerberos Tickets Requested (Kerberoasting, Raw)

Hi.

Has anyone else been seeing these alerts? All look to be FP. I wonder if this rule needs tunning?