Alert FineTuning(Sev:Low): Vulnerability Scanner Detection

Hi, we are seeing a high number of "Vulnerability Scanner Detection" alerts and facing challenges during analysis:

The alerts often show Microsoft IP addresses, and some of them appear malicious. Can we fine-tune this to capture the actual IP scanning the environment?
How can we determine whether the scan was successful or failed, for example, by using status codes like 200 or 404?
Is there a way to identify if the app service is using platforms like Joomla, Drupal, WordPress, or others?

Looking forward to your support on this.