diff --git a/config/level_tuning.txt b/config/level_tuning.txt
index 8482d822..5e3051b3 100644
--- a/config/level_tuning.txt
+++ b/config/level_tuning.txt
@@ -1,2 +1,7 @@
 id,new_level
 00000000-0000-0000-0000-000000000000,informational # sample level tuning line
+fdb62a13-9a81-4e5c-a38f-ea93a16f6d7c,medium # "Encoded FromBase64String". Originally critical.
+61a7697c-cb79-42a8-a2ff-5f0cdfae0130,high # "CobaltStrike Service Installations in Registry". Originally critical.
+36803969-5421-41ec-b92f-8500f79c23b0,low # "Detects persistence registry keys". Originally critical. Changed to low due to a high possibility of false positives.
+06d71506-7beb-4f22-8888-e2e5e2ca7fd8,medium # "Mimikatz Use". Originally critical. Rule creates tons of false positives so lowered to medium.
+dae8171c-5ec6-4396-b210-8466585b53e9,medium # "SCM Database Privileged Operation"
\ No newline at end of file
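Review bot: The last added entry (`dae8171c-…,medium`) records neither the rule's original level nor a reason, unlike the four entries above it, so a later reader cannot tell whether "medium" is a downgrade or an upgrade or why it was made; the comment should follow the same pattern, e.g. `# "SCM Database Privileged Operation". Originally <level>. <reason>.`. For the "Detects persistence registry keys" and "Mimikatz Use" entries the stated motivation is false positives, but lowering the level does not reduce the alert volume — it only lowers the priority of the true positives that the same rules would catch — so it is worth recording in the comment that a filter-level tuning of the rule was considered and why severity was chosen instead. The file also ends without a trailing newline (`\ No newline at end of file`); if the loader reads it line by line that is harmless, but appending a newline avoids the next entry being glued onto this one in a future diff.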