Problems accessing the cloud
-
If you activate your cloud account immediately before attempting to configure this integration and you encounter problems
implementing this integration, try waiting an hour or two and then logging in to your cloud account.
-
Make sure you are accessing the correct URL for the regional cloud associated with your account.
Device interface shows the integration as Enabled, but the device does not appear on the Devices page in the cloud
-
The device may be licensed using a Smart Account or virtual account that is not linked to your cloud account. Do one of the
following:
-
In SSE, link the account from which the device was licensed.
See Link Smart Licensing Accounts.
-
License the device from a linked account:
Disable the integration on the FMC or in FDM, unregister the current license from the device, re-license the device from a
linked account, then re-enable the integration in FDM or FMC.
-
Make sure you are looking at the same regional cloud that you selected in your Firepower settings. If you didn't select a
region when you started sending events to the cloud, try the North America cloud first.
Device managed by FMC is not listed correctly on the SSE Devices page
(Releases earlier than 6.4.0.4) Manually give the device a unique name: Click the pencil icon for each row in the Devices
list. Suggestion: Copy the IP address from the Description.
This change is valid only for this Devices list; it does not appear anywhere in your Firepower deployment.
(Releases between 6.4.0.4 and 6.6) Device name is sent from FMC to SSE only at initial registration to SSE and is not updated
on SSE if the device name changes in FMC.
On the Devices page in SSE, previously registered devices unexpectedly show as Unregistered
If these devices are FTD devices managed by FDM, and you enabled integration with CDO after you registered your devices with
SSE for integration with or Cisco SecureX threat response, and you have not yet merged your accounts, complete the procedure in (FTD Managed by FDM Only) Merge Your CDO and Security Accounts.
Expected events are missing from the Events list
-
Make sure you are looking at the correct regional cloud and account.
-
Make sure your devices can reach the cloud and that you have allowed traffic through your firewall to all required addresses.
-
Click the Refresh button on the Events page to refresh the list.
-
Verify that the expected events appear in Firepower.
-
If you are using FDM, check your access rule logging settings.
-
Check your configurations for automatic deletion (filtering out events) in the Eventing settings on the Cloud Services page in SSE.
-
For additional troubleshooting tips, see the online help in SSE.
Some events are missing
-
If you send connection events, only Security Intelligence connection events are used; all other connection events are ignored.
-
If you are using custom Security Intelligence objects in FMC, including global block or allow lists and Cisco Threat Intelligence Director (TID), you must configure SSE to auto-promote events that are processed using those objects. See information in the SSE online
help about promoting events to incidents. .