When attempting to configure Symantec EDR for QRADAR with an OID and client secret, EDR APP for QRADAR displays an authentication error, "Fail: API password is invalid."
Symantec EDR App for QRadar v1.5.0 supports Endpoint Detection and Response (EDR) appliance version 3.2 to 4.1.
Symantec EDR App for QRadar v1.5.0 requires QRadar version 7.3.1 or above
The EDR portion, or Incidents tab, of the SES Complete web portal has an API which is different but similar the REST API of EDR appliance.
The API of SES Complete portal does not meet the requirements for Symantec EDR App for QRADAR 1.5.0 or earlier versions.
The following options are available for piping EDR events into QRADAR:
BROADCOM Software has scheduled ICDx for feature deprecation in May 2022.
By that time a new version of EDR on-prem appliance will include a replacement feature which natively sends events to QRADAR