A company has implemented Amazon GuardDuty across all AWS Regions to enhance its security monitoring. Within a specific VPC, they operate an Amazon EC2 instance functioning as an FTP server, which receives a high volume of connections from various locations hourly. GuardDuty interprets this as a brute force attack due to the frequency of connections. Despite the company marking this as a false positive, GuardDuty continues to report the issue. To refine the detection accuracy without reducing the awareness of potential threats, what measure should a security engineer take?