Adjusting the threshold is part of the discovery process. Each client has a different level of exposed threat space. After letting it run for 12 hours, I did up the threshold for one common application port but not the others. The good thing about the scans is that they are only taking less than a minute, so the rule only fires once during that time.
I.e., the scan actually hit 500 addresses in 45 seconds and only one alert email is sent.
So with Re-Infer, it treats each firing of the rule as its own instance? Exactly what I was hoping.
Thank you for the reply.