We recently released an optional detection rule, Remote Access Tool: Splashtop - No Tuning, based on the existing detection rule Remote Access Tool: Splashtop, which excludes DattoRM and NinjaRMM activity by design because including these tools creates excessive noise for many users.
The new rule does not tune out DattoRM and NinjaRMM activity and, therefore, alerts on even more activity. Because this rule can be excessively noisy for organizations, it is disabled by default but you can enable it in Settings > Detection Rules if your organization logs Windows events.
Note: Ensure that only one of these two rules is enabled for your account, as enabling both will create duplicate findings.