The SIEM Collector uses the MEF protocol to communicate with the ERC. You should change "Data Retrieval" to "MEF" before you'll see any data.
Also log unknown events in case SIEM can't parse them by default.