
[FEATURE] Incident response automation must allow to run in default agent when logs aren't from an agent #396

@c3s4rfred

Description

Is your feature request related to a problem? Please describe.
Sometimes the logs aren't generated by an agent, for example syslog. In that case, the datasource is an IP address and not the agent name, so the automation won't run because the agent name and the datasource value don't match.

Describe the solution you'd like
The incident response automation must allow specifying an optional agent to run on. On the frontend, we must also show the impact of the selection made by the user. Ex: The command "command" will run on "platform" agents, except on "agent_exception_list". If no agent matches, it will run on "default_agent" by default.
Also, we must show an informational warning about what the excluded agents mean.
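
The target-selection rule requested above, as an added sketch that is not the project's code: `AutomationRule`, `resolve_target`, the reason strings and all sample names are hypothetical. It assumes that exclusions always win, that a known agent on a different platform is skipped rather than rerouted, and that the default agent is used only when the datasource is not a registered agent.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class AutomationRule:
    """Hypothetical rule model; field names mirror the placeholders in the issue."""
    command: str
    platform: str
    agent_exception_list: frozenset = frozenset()
    default_agent: Optional[str] = None


def resolve_target(rule: AutomationRule, datasource: str,
                   agents: Dict[str, str]) -> Tuple[Optional[str], str]:
    """Return (agent to run on, or None to skip; reason for the decision).

    `agents` maps registered agent name -> platform.
    """
    # Assumption: exclusions win over every other rule.
    if datasource in rule.agent_exception_list:
        return None, "excluded"
    if datasource in agents:
        if agents[datasource] == rule.platform:
            return datasource, "datasource-agent"
        # Assumption: a known agent on another platform is skipped, not rerouted.
        return None, "platform-mismatch"
    # Datasource is not an agent (e.g. a syslog sender's IP): use the fallback.
    fallback = rule.default_agent
    if fallback is None:
        return None, "no-default-agent"
    if fallback not in agents or fallback in rule.agent_exception_list:
        return None, "default-agent-unusable"
    return fallback, "default-agent"


# Constructed sample data (agent names and the documentation-range IP are made up).
AGENTS = {"web-01": "linux", "db-01": "linux",
          "win-01": "windows", "collector-01": "linux"}
RULE = AutomationRule(command="command", platform="linux",
                      agent_exception_list=frozenset({"db-01"}),
                      default_agent="collector-01")

if __name__ == "__main__":
    for ds in ("web-01", "192.0.2.10", "db-01", "win-01"):
        print(ds, "->", resolve_target(RULE, ds, AGENTS))
```

Returning a reason alongside the target gives the frontend something concrete to show when an automation is skipped or rerouted to the default agent.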

Status

✅ Done