When running the mdr_index_tool with the '--list' and '--limit' options from the CLI of the Symantec Endpoint Detection and Response (SEDR) an error similar to the following is produced:
edr> mdr_index_tool --list --limit 100000
2022-07-15 19:56:41,140 INFO mdr_index_tool: running /opt/symantec/sgs-td/cli/sbin/mdr_index_tool.py
2022-07-15 19:56:41,150 ERROR mdr_index_tool: #listIndexesMetaData Error:
2022-07-15 19:56:41,150 ERROR mdr_index_tool: Failed to list mdr inexes
2022-07-15 19:56:41,150 ERROR mdr_index_tool: 'symantecinfra1#symantec-atp#configurations#Ml-X7O1LTZeAG1iFPjHVYA#managed_feature#prtns'
2022-07-15 19:56:41,150 ERROR mdr_index_tool: <type 'exceptions.KeyError'>
2022-07-15 19:56:41,151 ERROR mdr_index_tool: Traceback (most recent call last):
File "/opt/symantec/sgs-td/cli/sbin/mdr_index_tool.py", line 275, in list_mdr_indexes
pdata.update(process_db_dump(dbdump, file))
File "/opt/symantec/sgs-td/cli/sbin/mdr_index_tool.py", line 428, in process_db_dump
logging.debug("processed_data_size:{}".format(processed[data["id"]]))
KeyError: 'symantecinfra1#symantec-atp#configurations#Ml-X7O1LTZeAG1iFPjHVYA#managed_feature#prtns'
A logic error in the '--limit' option is preventing the option from being utilized.
Broadcom Engineering has resolved this issue in EDR version 4.7.0. Please update to the latest EDR version (4.7.1) at your earliest convenience to receive this fix. If you are unable to upgrade to EDR 4.7.1 please use the workaround steps listed below.
Workaround for EDR versions prior to 4.7.0:
As a temporary workaround use the mdr_index_tool with out the '--limit' option.