EDR Incidents Resource API query is not retrieving all the incidents exported through EDR GUI.

By default the EDR Incidents Resource API (/atpapi/v2/incidents) limits the output to last 30 days if neither start_time nor end_time

For security reason the time range cannot be greater then 30 days.

As workaround EDR can be queried by using consecutive time ranges and concatenating the results into a single file output.

EDR is working as design. Refer to API portal for further details.
https://apidocs.securitycloud.symantec.com/#