Logs for real time scanning to create exclusions?

Hello, we have created global exclusions based on our vendors instructions for real time scanning of our infrastructure applications that we feel are safe. Now we want to create exclusions for applications/processes/files that we feel are safe on specific endpoint devices to reduce load on the devices. Are there ream time scanning logs on each system that show what files are being scanned the most? If you don't keep that level of detail what is the best way to get this information remotely from the devices? Thanks.

Added TAGs
[edited by: Qoosh at 11:44 PM (GMT -7) on 1 Jul 2022]