The Event and Incident Forwarding entry for the SEDR cloud shows Critical
Last Updated January 18, 2019
In SEDR 4.0, you have configured the EDR Cloud registration, which creates an Event and Incident Forwarding entry. When reviewing the status, you see that the status shows Critical. You will also see that the appliance status on the cloud console shows Not Connected.
The Event and Incident Forwarding feature does not currently support using a proxy.
The SEDR appliance needs to be able to connect directly to the SEDR cloud site (edrc.symantec.com and cloud-1.edrc.symantec.com). If you configure your firewall to block direct connections from the SEDR appliance and only allow communication through your network proxy, then appliance events and incidents, Blacklist policy changes, and remediation commands will not be forwarded to the SEDR cloud console.
This will change in the SEDR 4.1 software release.
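One way to verify the direct-connectivity requirement described above, as an added example that is not part of the original article or Symantec's tooling: it attempts a direct TCP connection to each cloud host without going through a proxy, and classifies the result. Port 443 is an assumption, since the article names no port; run it from a host that is subject to the same firewall rules as the appliance.

```python
import socket

# Hostnames are taken from the article.
SEDR_CLOUD_HOSTS = ["edrc.symantec.com", "cloud-1.edrc.symantec.com"]
# Assumption: the article does not state a port; 443 is used here as a placeholder.
ASSUMED_PORT = 443


def check_direct(host, port=ASSUMED_PORT, timeout=5.0):
    """Try a direct TCP connection; plain sockets never use proxy settings.

    Returns "reachable", "dns_failure", "refused", "timeout" or "error: ...".
    A "timeout" usually means a firewall is silently dropping direct traffic.
    """
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    last = "error: no addresses"
    for family, socktype, proto, _, sockaddr in addrs:
        s = socket.socket(family, socktype, proto)
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return "reachable"
        except ConnectionRefusedError:
            last = "refused"
        except socket.timeout:
            last = "timeout"
        except OSError as exc:
            last = f"error: {exc.strerror or exc}"
        finally:
            s.close()
    return last


def report(hosts=SEDR_CLOUD_HOSTS, port=ASSUMED_PORT, timeout=5.0):
    """Map each cloud host to its direct-connection status."""
    return {h: check_direct(h, port, timeout) for h in hosts}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}:{ASSUMED_PORT} -> {status}")
```

Any result other than "reachable" for either host indicates that the direct path the Event and Incident Forwarding feature depends on is not available from that network position.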