EDR Incidents Resource API query is not retrieving all the incidents exported through EDR GUI.
By default the EDR Incidents Resource API (/atpapi/v2/incidents) limits the output to last 30 days if neither start_time nor end_time
For security reason the time range cannot be greater then 30 days.
As workaround EDR can be queried by using consecutive time ranges and concatenating the results into a single file output.
EDR is working as design. Refer to API portal for further details.
https://apidocs.securitycloud.symantec.com/#