Known issues in Symantec Endpoint Security

CDM-42510

The event export API limits the total number of events that can be retrieved within a given query to 10K. Pagination beyond 10K results in an error. To work around this issue, use a shorter time range or select fewer feature names as part of the filter query. This action limits the number of events that are returned.

Since the API is based on event time, invoking the event export API using the last synced timestamp will miss any events that arrive late.

You might see these issues when you use the ICDx plug-in with Symantec Endpoint Security.

A fix for these issues is planned for a future release.
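The shorter-time-range workaround for CDM-42510, combined with one way to catch late-arriving events, as an added Python sketch (not Broadcom's code). The `query` callable, the `CapExceeded` error, the `id` and `time` event fields, and the one-hour lookback are all assumptions standing in for your own API wrapper; the sample events are constructed.

```python
from datetime import datetime, timedelta, timezone

CAP = 10_000  # per-query event limit described in CDM-42510

class CapExceeded(Exception):
    """Hypothetical: raised by the caller's API wrapper when paging hits the cap."""

def export_range(query, start, end, min_span=timedelta(milliseconds=1)):
    """Collect events with start <= time < end, halving any window over the cap."""
    events, pending = [], [(start, end)]
    while pending:
        lo, hi = pending.pop()
        try:
            events.extend(query(lo, hi))
        except CapExceeded:
            if hi - lo <= min_span:
                raise  # time cannot be narrowed further: filter on fewer feature names
            mid = lo + (hi - lo) / 2
            pending += [(mid, hi), (lo, mid)]  # earlier half is popped first
    return events

def sync(query, last_synced, now, seen_ids, lookback=timedelta(hours=1)):
    """Re-read a lookback window before last_synced so late arrivals are picked up;
    seen_ids (assumed unique event ids) drops the events already exported."""
    fresh = []
    for ev in export_range(query, last_synced - lookback, now):
        if ev["id"] not in seen_ids:
            seen_ids.add(ev["id"])
            fresh.append(ev)
    return fresh

def make_fake_query(store, cap=CAP):
    """Constructed stand-in for the export API: filters an in-memory list by event time."""
    def query(lo, hi):
        hits = [ev for ev in store if lo <= ev["time"] < hi]
        if len(hits) > cap:
            raise CapExceeded(f"{len(hits)} events in window")
        return hits
    return query

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = [{"id": i, "time": t0 + timedelta(seconds=i)} for i in range(25_000)]
    query, seen = make_fake_query(store), set()
    print(len(sync(query, t0, t0 + timedelta(hours=7), seen)))  # first full export
    store.append({"id": "late", "time": t0 + timedelta(hours=6, minutes=30)})
    print([e["id"] for e in sync(query, t0 + timedelta(hours=7), t0 + timedelta(hours=8), seen)])
```

A lookback only recovers events that arrive within that window, so size it from the ingestion delay you actually observe.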