Delaying Discovery based on date
05-15-2024 07:03 AM
We have an interesting issue happening due to our HAM process.
---Long Story---
When we order equipment from our vendor, Assets are created, and along with that a Shell CI record is created. This is because at the time of ordering, we have the model and some other information, but no serial number. With our current automation process, the vendor has all endpoints pre-loaded with our company image. I assume that in order to make sure that they do not ship any DOA equipment, they fire them up to test. Once a complete order has been tested, they send us the serial numbers, which then are added to the Assets, and the shell CIs are updated with that information. The problem is that when they boot up the endpoints to test, CrowdStrike sees them, then from our CrowdStrike Service Graph (CS-SG) CIs are created, since there is no matching serial number at that point. This causes a lot of things to break in our process, along with the duplication that happens both on the CI table and the Asset table (since an asset is created with the CI creation on discovery).
Since this is only an issue with Computers, I have set an IRE Data Source Rule preventing the CS-SG from creating CIs on the Computer table, but we may need this to be active.
---Short Story---
CrowdStrike data has a field called 'first seen'. Is it possible to delay the ingestion of data from the CrowdStrike Service Graph by an offset of this field? For example, to not import the discovery on the computer table unless the current date is 45 days later than the first seen date from the imported data?
05-16-2024 06:51 AM
I think Enforce CI verification on the Model Category will help you. This will stop creating a CI for the asset until approved.
05-24-2024 07:02 AM
I will look into this, but not sure it will fit the bill. During a model cycle, we may place several orders over several months. When we receive the first order, and approve on that model, will not all others come through as well?
In the IntegrationHub ETL, I have created a scripted field (step 2. Prepare Source Data for Mapping) that will give a Boolean response (true/false) called u_first_seen_threshold. If the first seen date provided by CS is less than 45 days from the data import date, then the flag will be false, meaning it should be ignored during the import.
Is there a way to use this on the transform map to exclude the ingestion of any records that have this value as false?
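
The 45-day check described in the post above, sketched as an added example (not the poster's script and not ServiceNow or CrowdStrike API code). The field names, the ISO 8601 date format and the sample rows are assumptions; rows with a missing or future first seen date are held back rather than ingested.

```javascript
// Added example: plain JavaScript, runnable in Node.
// Field names (first_seen, serial_number, hostname) and the ISO 8601 date
// format are assumptions about the imported payload.
const DAY_MS = 24 * 60 * 60 * 1000;

// Returns true when the record is old enough to ingest, false when it
// should be held back. Missing or unparseable dates return false, so a
// malformed row cannot create a CI by accident.
function firstSeenThreshold(firstSeen, importDate, minAgeDays = 45) {
  const seen = Date.parse(firstSeen);
  const now = importDate instanceof Date ? importDate.getTime() : Date.parse(importDate);
  if (Number.isNaN(seen) || Number.isNaN(now)) return false;
  if (seen > now) return false; // clock skew or bad data: hold the row
  return now - seen >= minAgeDays * DAY_MS;
}

// Splits one import batch into rows to ingest and rows to hold,
// tagging each row with the computed u_first_seen_threshold flag.
function partitionByFirstSeen(rows, importDate, minAgeDays = 45) {
  const ingest = [];
  const held = [];
  for (const row of rows) {
    const ok = firstSeenThreshold(row.first_seen, importDate, minAgeDays);
    (ok ? ingest : held).push({ ...row, u_first_seen_threshold: ok });
  }
  return { ingest, held };
}

// Constructed sample batch (not real data).
const SAMPLE_IMPORT_DATE = "2024-05-24T00:00:00Z";
const SAMPLE_ROWS = [
  { hostname: "lt-001", serial_number: "SN-A", first_seen: "2024-03-01T10:00:00Z" }, // about 84 days old
  { hostname: "lt-002", serial_number: "SN-B", first_seen: "2024-05-20T10:00:00Z" }, // about 4 days old
  { hostname: "lt-003", serial_number: "SN-C", first_seen: "2024-04-09T00:00:00Z" }, // exactly 45 days old
  { hostname: "lt-004", serial_number: "SN-D", first_seen: "" },                     // missing date
  { hostname: "lt-005", serial_number: "SN-E", first_seen: "2024-06-01T00:00:00Z" }, // date in the future
];

const result = partitionByFirstSeen(SAMPLE_ROWS, SAMPLE_IMPORT_DATE);
console.log("ingest:", result.ingest.map((r) => r.hostname));
console.log("held:", result.held.map((r) => r.hostname));
```

Holding rows with no usable date keeps a parsing failure from turning into a duplicate CI; the held list is what would need review or a later re-import.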