Some events do not appear in your SIEM from SEDR syslog
Article ID: 228523

Products

Endpoint Detection and Response

Issue/Introduction

You have integrated Symantec EDR with your SIEM, configured the syslog server, and enabled event activity on the EDR, but you notice that some events, such as 8001: Process Event and other 8xxx events, have not been forwarded to your SIEM.

Environment

Release : 4.6.0 and later

Component : Syslog

Cause

ECC, endpoint activity recorder, and search data are not forwarded to syslog.

See Forwarding events and incidents to third-party SIEMs for an explanation of what data is forwarded via SEDR syslog.

Resolution

Event forwarding, the Splunk connector, and other connectors are provided to forward all events, including those that syslog does not carry.