search cancel

Does ICDx show every SEP client?

book

Article ID: 174058

calendar_today

Updated On:

Products

Endpoint Protection ICDx

Issue/Introduction

With Integrated Cyber Defence exchange(ICDx) configured to collect event from one or more Symantec Endpoint Protection Managers (SEPMs), the ICDx does not appear to show every SEP client listed by the SEPMs.

Cause

ICDx identifies one or more SEP clients through the sole method of parsing log events. ICDx does not separately query SEPMs for a complete list of SEP clients. The available entities mapped within ICDx for SEP clients are related to those that appear in event ICDx received from one or more SEPMs.

Environment

ICDx 1.x configured to collect events from one or more SEPM instances.

Resolution

ICDx does not receive a complete enumerated list of SEP clients. Therefore it can only display a partial list. For a complete list of SEP clients, continue to rely on SEPM or Symantec Endpoint Detection and Response (SEDR).