An administrator may want to limit or filter the events that Endpoint Detection and Response (EDR) sends to a Syslog server.
EDR 4.x.x
Because EDR generates a large number of events, an administrator may want to limit the events that EDR forwards to the Syslog server, which helps save storage space on the Syslog server.
EDR sends the events below to the Syslog server, as configured in the UI.
There is no option to limit or filter the types of events sent by EDR. If an administrator needs to limit or ignore certain events, this can be configured on the Syslog server itself.
Ideally, Syslog servers have a 'Log Collection Filters' option to limit or filter events on the Syslog server itself; explore that option to achieve this.