Some Endpoint Detection and Response incidents are missing from Integrated Cyber Defense Exchange when using the Integrated Cyber Defense Manager collector

Article ID: 206161

Products

Integrated Cyber Defense Exchange ICDx

Issue/Introduction

When using the Integrated Cyber Defense Exchange (ICDx) product to collect logs from the Integrated Cyber Defense Manager (ICDm) cloud portal for Endpoint Detection and Response (EDR) events and incidents, some incidents are not available.

Cause

Some EDR incidents are not exposed by the ICDm API, so they are not available to ICDx for gathering.

Resolution

This is a known issue and is being considered for inclusion in a future version of the products.