Some events from the SEPM DB do not show in SEDR

Article ID: 175416

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

Some events from the Symantec Endpoint Protection Manager (SEPM) DB do not show in Endpoint Detection and Response (EDR).

Environment

SEDR with Endpoint Communication Channel (ECC) enabled and Group Inclusions configured

Cause

When group inclusions are enabled, SEDR only collects events from the SEPM DB for clients that belong to the groups in the inclusions list. This is expected behavior.

Resolution

To collect SEPM DB events for additional clients, do one of the following:

  1. Add additional groups to the Group Inclusions list, or
  2. Remove all group inclusions (this will cause SEDR to collect events for all groups).