You are not able to find a SEPM detection event with the action of "Leave alone (log only)" or "Potential risk found (Left alone)" in QRadar after being processed through the Integrated Cyber Defense Exchange product.
This may be related to a misunderstanding of the mapping.
Release : 1.4.2
Component : SEPM collector, QRadar app
Leave alone (log only) evens are mapped from ICDx to the QRadar app based on the following:
<qidmap>
<severity>1</severity>
<lowlevelcategory>19001</lowlevelcategory>
<reverseip>false</reverseip>
<qid>1002250283</qid>
<ratethreshold>0</ratethreshold>
<rateinterval>0</rateinterval>
<qdescription>File Detection events report the detection and resolution of file threats or policy violations.</qdescription>
<catpipename>Echo</catpipename>
<ratelongwindow>0</ratelongwindow>
<qname>File Detection: Logged</qname>
<rateshortwindow>0</rateshortwindow>
<id>649895</id>
</qidmap>
So, the information of note from above:
<qname>File Detection: Logged</qname>
<qid>1002250283</qid>
<id>649895</id>
You can use the values above to discover the log only events in QRadar.