SEDR does not forward the field "reg_value_result.data" to Splunk
Article ID: 192033
Endpoint Detection and Response
Advanced Threat Protection Platform
When reviewing data sent from Symantec Endpoint Detection and Response (SEDR) to Splunk, the field "reg_value_result.data" is missing.
This is a known issue which will be resolved in a future release.