The Symantec EDR device support module (DSM) is not assigning the event names and categories correctly. The EDR events to QID mappings are not stored or configured correctly in the App.
See below image, the sha2 is not displaying for its corresponding EDR event because the proper mapping is not configured.
The file sha_2 property name is used as the example here. It is required that the EDR event being forwarded have the corresponding property name field populated with valid data before following these steps for any property that is not being displayed correctly. This will only apply to new events that are being received by the Symantec EDR app for QRadar after the corresponding property name is changed using the following steps.
The article Symantec EDR App for QRadar 1.5.0 includes a PDF attachment which includes the documentation written for the Symantec EDR App for QRadar. The Symantec_EDR_app_for_QRadar_1.5.0.pdf includes a list of custom regular expressions that can be used to correct similar issues with other event properties that are not being displayed as expected. The supported property names and regular expressions are listed on pages 9 - 12.