SEDR shows no 4100 or 4012 events

Article ID: 197319

Products

Endpoint Detection and Response

Issue/Introduction

When reviewing events in Symantec Endpoint Detection and Response (SEDR), no type_id: 4100 (SONAR) or type_id: 4102 events appear.

Cause

The option "Send pseudonymous data to Symantec to receive enhanced threat protection intelligence" must be enabled for SEDR to receive 4100 (SONAR) and 4012 events from the SEP clients.

Resolution

  1. Log in to the SEPM
  2. Navigate to Clients -> <SEPM GROUP> -> Policies -> External Communications -> Submissions
  3. Ensure that "Send pseudonymous data to Symantec to receive enhanced threat protection intelligence" is checked