Forum Discussion

Marnik
Brass Contributor
Nov 26, 2024

Suspicious attachment opened with no detection technology or VT matches

We received the alert “Suspicious attachment opened” for an Excel file, but it’s unclear why it was flagged. Here’s what I found:

  • No detection technology triggered.
  • No VT matches.
  • File wasn’t detonated in the Microsoft sandbox.
  • Deep analysis is unavailable (not a PE).

 

I reviewed the file and, apart from generic terms like “invoice” or “file” in the name, I see no clear indicators of suspicion or ways to adjust this in XDR. Any tips for better understanding or fine-tuning the verdict?
