ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
SEDR shows no 4100 or 4102 events
Article ID: 197319
Endpoint Detection and Response
When reviewing events on Symantec Endpoint Detection and Response, no type_id: 4100 (SONAR) or type_id: 4102 events are noted.
The option "Send pseudonymous data to Symantec to receive enhanced threat protection intelligence" is required in order for SEDR to receive 4100 SONAR and 4102 events from the SEP clients.
- Log in to the SEPM
- Navigate to Clients -> <SEPM GROUP> -> Policies -> External Communications -> Submissions
- Ensure that "Send pseudonymous data to Symantec to receive enhanced threat protection intelligence" is checked