02-18-2026, 12:58 AM
(This post was last modified: 02-18-2026, 01:03 AM by thomasb4083.)
![[Image: edrconfig.png]](https://i.postimg.cc/mr9qy3pP/edrconfig.png)
Hello community,
I’m configuring the EDR module and I see it supports rule lists (import/export). I’d like to expand the baseline rules safely without causing false positives or system instability.
Where do you recommend sourcing reliable rule ideas or detection guidance?
For example: CISA advisories, NIST recommendations, MITRE ATT&CK mappings, or other reputable public resources that can be translated into EDR rules.
Any suggestions or rule pack structures you’ve tested in real endpoints would be appreciated.
Thanks!

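One way to keep an expanded rule pack from destabilising endpoints is to gate every imported rule behind a lint pass: each rule must carry a well-formed ATT&CK technique ID, a supported severity, and paired test events (one that must fire, one benign that must not) that are evaluated against the rule's own condition before anything reaches the EDR. The script below is an added example written for this thread, not code from the poster or from any EDR vendor; the JSON-shaped pack format, the field names (`image`, `target_image`, `registry_key`) and the sample events are all constructed for illustration and will need mapping onto the real module's import schema.

```python
"""Lint a hypothetical EDR rule pack before import.

Constructed example: the pack layout, operators and event fields are invented
for illustration and are not any vendor's import/export format.
"""
import re

TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")   # ATT&CK technique or sub-technique
SEVERITIES = {"low", "medium", "high", "critical"}
REQUIRED = ("id", "title", "technique", "severity", "condition", "tests")


def matches(condition, event):
    """Evaluate one flat condition against an event dict, case-insensitively."""
    value = str(event.get(condition["field"], "")).lower()
    needle = str(condition["value"]).lower()
    op = condition["op"]
    if op == "equals":
        return value == needle
    if op == "endswith":
        return value.endswith(needle)
    if op == "contains":
        return needle in value
    raise ValueError(f"unknown operator {op!r}")


def lint_rule(rule):
    """Return the list of problems for one rule; an empty list means safe to import."""
    problems = [f"missing field {k!r}" for k in REQUIRED if k not in rule]
    if problems:
        return problems
    if not TECHNIQUE_RE.match(rule["technique"]):
        problems.append(f"technique {rule['technique']!r} is not a Txxxx or Txxxx.yyy ID")
    if rule["severity"] not in SEVERITIES:
        problems.append(f"severity {rule['severity']!r} not in {sorted(SEVERITIES)}")
    tests = rule["tests"]
    if not tests.get("match"):
        problems.append("no true-positive test event; cannot prove the rule fires")
    if not tests.get("benign"):
        problems.append("no benign test event; false-positive risk is unchecked")
    for ev in tests.get("match", []):
        if not matches(rule["condition"], ev):
            problems.append(f"true-positive event does not fire: {ev}")
    for ev in tests.get("benign", []):
        if matches(rule["condition"], ev):
            problems.append(f"benign event fires (false positive): {ev}")
    return problems


def lint_pack(pack):
    """Return {rule_id: [problems]} for every rule that is not clean."""
    report, seen = {}, set()
    for rule in pack["rules"]:
        rid = rule.get("id", "<no id>")
        problems = lint_rule(rule)
        if rid in seen:
            problems.append("duplicate rule id")
        seen.add(rid)
        if problems:
            report[rid] = problems
    return report


# Constructed sample pack: one clean rule, one too broad, one malformed.
RULE_PACK = {
    "name": "baseline-extension",
    "rules": [
        {
            "id": "cred-lsass-access",
            "title": "Non-system process opens a handle to lsass.exe",
            "technique": "T1003.001",
            "severity": "high",
            "condition": {"field": "target_image", "op": "endswith", "value": "\\lsass.exe"},
            "tests": {
                "match": [{"image": "C:\\Temp\\procdump64.exe",
                           "target_image": "C:\\Windows\\System32\\lsass.exe"}],
                "benign": [{"image": "C:\\Windows\\System32\\svchost.exe",
                            "target_image": "C:\\Windows\\System32\\svchost.exe"}],
            },
        },
        {
            "id": "exec-powershell-any",
            "title": "Any PowerShell execution",
            "technique": "T1059.001",
            "severity": "medium",
            "condition": {"field": "image", "op": "contains", "value": "powershell"},
            "tests": {
                "match": [{"image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                           "command_line": "powershell -enc SQBFAFgA"}],
                "benign": [{"image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                            "command_line": "powershell -File C:\\Scripts\\inventory.ps1"}],
            },
        },
        {
            "id": "persist-runkey",
            "title": "Run key modified",
            "technique": "TA0003",   # a tactic ID, not a technique: rejected
            "severity": "urgent",    # not a supported severity: rejected
            "condition": {"field": "registry_key", "op": "contains", "value": "\\CurrentVersion\\Run"},
            "tests": {"match": [{"registry_key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}],
                      "benign": []},
        },
    ],
}

if __name__ == "__main__":
    for rid, problems in lint_pack(RULE_PACK).items():
        print(rid, "->", "; ".join(problems))
```

Only `cred-lsass-access` passes; `exec-powershell-any` is rejected because its own benign sample fires it (the kind of rule that floods a console on any scripted admin task), and `persist-runkey` is rejected for a tactic ID in the technique field, an unknown severity and no benign sample. Running a check like this in CI over the exported rule list, with the benign events drawn from real telemetry of the fleet's legitimate tools, is what turns a public advisory or ATT&CK mapping into a rule you can import with some confidence.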