When attempting to configure Symantec EDR for QRADAR with an OID and client secret, EDR APP for QRADAR displays an authentication error, "Fail: API password is invalid."

• Symantec Endpoint Security (SES) Complete web portal
• Symantec EDR App for QRADAR v1.5.0
• QRADAR 

Symantec EDR App for QRadar v1.5.0 supports Endpoint Detection and Response (EDR) appliance version 3.2 to 4.1. 
Symantec EDR App for QRadar v1.5.0 requires QRadar version 7.3.1 or above 
The EDR portion, or Incidents tab, of the SES Complete web portal has an API which is different but similar the REST API of EDR appliance.

The API of SES Complete portal does not meet the requirements for Symantec EDR App for QRADAR 1.5.0 or earlier versions.

The following options are available for piping EDR events into QRADAR:

• SES Complete > ICDX > QRadar w/ Symantec ICDx Content Pack For QRadar
     PROs: no need to roll out EDR on-prem appliance(s)
     CONs: Limitation: no EAR events
  
  
• Symantec EDR on-prem appliance >  ICDX > QRadar w/ Symantec ICDx Content Pack For QRadar
     PROs: No Limitation: gets all EAR events
                Scales to ~2000 events per second   
     CONs: Requires rollout of EDR physical appliances or virtual appliance in VMWare server
                 See System Requirements for EDR on-prem appliances here: 
                 https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-6/about-v96380626-d38e6/system-requirements-for-the-virtual-appliance-v96381064-d38e7045.html
  
  
• NOT RECOMMENDED: Symantec EDR on-prem appliance > QRADAR w/ EDR App for QRADAR - 
     PROS: No limitation: gets all EAR events, performance permitting
           May work for small environments
     CONS: Requires rollout of EDR physical appliances or virtual appliance in VMWare server
           not performant - ~500 event per second
  
  
• Bring Your Own App (BYOA): Symantec Endpoint Security Complete web portal > (your own custom QRADAR app crafted with the public API for SES Complete) 
     PROS: You maintain your own code, so you can fix quickly
     CONS: Your org's local development team maintains another app. BROADCOM SUPPORT will provide best effort support, oriented towards possible defects within the REST API and/or downtime of the API servers.

BROADCOM Software has scheduled ICDx for feature deprecation in May 2022.
By that time a new version of EDR on-prem appliance will include a replacement feature which natively sends events to QRADAR

Other references: 

• The manual for Symantec EDR App for QRADAR is here: https://exchange.xforce.ibmcloud.com/api/hub/extensionsNew/99a56ec5ca1202e8fc3b92908f34b552/Symantec_EDR_app_for_QRadar_1.5.0.pdf
  
  
• The IBM Exchange page for Symantec ICDx Content Pack for QRADAR is here: 
  https://exchange.xforce.ibmcloud.com/hub/extension/9bf92ae332571cac2476dfa8b1003ddc
  
  
• API Reference for SES Complete:
  https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/APIs/Symantec-Endpoint-Security-API-commands.html