Webhook-based Security Events are not Received at the On-prem HTTP Connector for SIEM Integration

Available Languages

Download Options

  • PDF     (11.6 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (90.0 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (74.7 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:March 13, 2026
Document ID:225609

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Issue

Webhook-based security events are not being received at the on-premises HTTP connector for SIEM integration.

Environment

  • Product: Cisco Secure Access (SSE)
  • Technology: Solution Support - Secure Access Reporting and Logging
  • Integration Type: Webhook-based third-party integration
  • Target Connector: On-premises HTTP connector
  • Dashboard Status: Third-party integrations load successfully in Admin > Third Party Integrations

Resolution

To resolve webhook delivery issues with Cisco Secure Access third-party integrations, configure firewall rules to allow inbound HTTPS traffic from these Cisco SSE source IP ranges.

Required Firewall Configuration

Allow inbound HTTPS traffic from these Cisco SSE source IP ranges to your on-premises connector:

146.112.161.0/24

146.112.163.0/24

146.112.165.0/24

146.112.167.0/24

These IP ranges represent the shared IP addresses used by Cisco SSE from both EU and US regions for webhook delivery.

Verification Steps

Step 1: Verify third-party integration status in SSE dashboard.

Navigate to Admin > Third Party Integrations in your SSE dashboard and confirm that integrations are loading correctly for your organization.

Step 2: Configure firewall rules.

Update your network firewall and any intervening firewalls to allow inbound HTTPS connections from the provided SSE IP ranges to your on-premises connector server.

Step 3: Monitor webhook event delivery.

After implementing the firewall changes, monitor your on-premises HTTP connector to verify that webhook events are being received from Cisco SSE.

Additional Troubleshooting

If webhook events are still not received after configuring the firewall rules:

  • Verify that the on-premises connector is properly configured and listening on the expected port.
  • Check network connectivity between the SSE source IPs and your connector endpoint.
  • Review webhook integration configuration in the SSE dashboard.
  • Consider scheduling a live troubleshooting session to review webhook delivery in real-time.

Cause

The webhook delivery failure occurs when network firewalls block inbound HTTPS connections from Cisco SSE source IP addresses to the on-premises HTTP connector. Cisco SSE uses specific IP ranges from shared infrastructure in EU and US regions to deliver webhook events, and these must be explicitly allowed through firewall configurations for successful event delivery.

Related Content

Revision History

Revision Publish Date Comments
1.0
13-Mar-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Sharjeel Makhdoomi
    Technical Consulting Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products