You may received alerts from your SIEM or see a large number of Incidents on the KPI view of Endpoint Security Complete related to WMI 8015 events as the trigger. Upon further review, there can be found many Incidents closed in the state "Closed (Insufficient data)."
There was a new detection logic introduced to detect lateral movement of malware. The Incident logic is intended to keep the incident hidden, but once they are closed due to lack of sufficient data, they are visible. The Event Stream API is also reporting these Incidents when that is not expected.
Broadcom will address this in the 2022.10.02 hotfix refresh due on December 14th. These Incidents can be safely ignored when closed with the Insufficient Data status.
You can add a Recorder Rule to your Endpoint Detection and Response policy with the following logic that will prevent these detections in the future:
Event Type: ETW Activity
Actor Command Line: C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
Target Type: Source Facility
Target Type: Source Event ID