Will you consider adding the ability to create custom detection rules ? That would enable us to use the data collected in the SIEM (Logs + EDR) to check for intrusions.

I know that you do that already but if it was possible it would allow us to migrate from our current solution.

Access to the data and being able to perform our checks is very important. You already consider allowing siem users to see the edr data so i think this is a natural next step.