Dec. 3, 2023, 11:09 a.m. | /u/LocoBronze

cybersecurity www.reddit.com

I am currently employed as a cyber analyst, and we've recently implemented an Endpoint Detection and Response (EDR) system. Upon closer inspection, I've observed that numerous events are not being flagged as alerts.
This raises a crucial question: should I take the initiative to create custom rules to ensure these events are brought to our attention, or should I rely solely on the EDR's intrinsic capabilities to detect and classify threats?
As a potential solution, I'm contemplating the implementation of …

