Collecting SEDR diagnostics for support

Article ID: 179389

Products

Endpoint Detection and Response

Issue/Introduction

Support has requested a diagnostics from the Symantec Endpoint Detection and Response (SEDR) appliance.

Environment

Symantec Endpoint Detection and Response 4.6 and later.

Resolution

Two options are available for collecting a SEDR diagnostic:

  1. Use the gather_evidence command to create a diagnostic and upload it directly to the support case.

    1. Log in to the SEDR Command Line Interface (CLI) as admin
    2. Run the following command
      gather_evidence -u [USER_NAME] -c [CASE_NUMBER] -s [SITE_ID] -v
    3. Note that [USER_NAME] is the email address used to log in to support.broadcom.com, [CASE_NUMBER] is your case number, and [SITE_ID] is your site ID. If you are unsure of your site ID, please notify Broadcom Technical Support.
    4. For more information about the gather_evidence command, please visit https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-8/using-the-command-line-interface-v109281349-d38e71236/gather_evidence-command.html
  2. Download the diagnostic from the SEDR Graphical User Interface (GUI)

    1. Log in to the SEDR Command Line Interface (CLI) as admin
    2. Generate the logs using the following command:
      gather_logs --to-transfers
    3. Verify the name of the diagnostic file using the following command (Note: the diagnostic will be stored in /home/admin/transfers)
      list --home | grep SGS-TD
    4. Log in to the SEDR Graphical User Interface (GUI)
    5. Navigate to Settings -> Global -> File Transfer
    6. Click "Download"
    7. Type in the diagnostics file name from step 3, being sure to use the same capitalization. (Example: SGS-TD_Wed_Sep...)
    8. Click "Download"