Problems accessing the cloud
-
If you activate your cloud account immediately before attempting to configure this integration and you encounter problems
implementing this integration, wait for an hour or two and then log in to your cloud account.
-
Make sure you are accessing the correct URL for the regional cloud associated with your account.
Device interface shows the integration as enabled, but the device does not appear on the Devices page in the cloud
-
The device may be licensed using a Smart Account or virtual account that is not linked to your cloud account. Do one of the
following:
-
In Security Services Exchange, link the account from which the device was licensed.
See Link Smart Licensing Accounts.
-
License the device from a linked account:
Disable the integration on the Secure Firewall Management
Center or Secure Firewall device manager, unregister the current license from the device, re-license the device from a linked account, then re-enable the integration
in the Secure Firewall device manager or Secure Firewall Management
Center.
-
Make sure you are looking at the same regional cloud that you selected in your settings. If you didn't select a region when
you started sending events to the cloud, try the North America cloud first.
Device managed by the Secure Firewall Management
Center is not listed correctly on the Security Services Exchange Devices page
(Releases earlier than 6.4.0.4) Manually give the device a unique name: Click the Edit icon for each row in the Devices list. Suggestion: Copy the IP address from the Description.
This change is valid only for this Devices list; it does not appear anywhere in your deployment.
(Releases from 6.4.0.4 to 6.6) Device name is sent from the Secure Firewall Management
Center to Security Services Exchange only at initial registration to Security Services Exchange and is not updated on Security Services
Exchange if the device name changes in the Secure Firewall Management
Center.
On the Devices page in Security Services Exchange, previously registered devices unexpectedly show as Unregistered
If these devices are threat
defense devices managed by Secure Firewall device manager, and you enabled integration with Cisco Defense Orchestrator after you registered your devices with Security Services Exchange for integration with SecureX or , and you have not yet merged your accounts, complete the procedure in Link Your Cisco Defense Orchestrator and SecureX or Cisco XDR Tenant Accounts.
Expected events are missing from the Events list
-
Make sure you are looking at the correct regional cloud and account.
-
Make sure that your devices can reach the cloud and that you have allowed traffic through your firewall to all required addresses.
-
Click the Refresh button on the Events page to refresh the list and verify that the expected events appear.
-
If you are using Secure Firewall device manager, check your access rule logging settings.
-
Check your configurations for automatic deletion (filtering out events) in the Eventing settings on the Cloud Services page in Security Services Exchange.
-
For more troubleshooting tips, see the online help in Security Services Exchange.
Some events are missing
-
If you send all connection events to the cloud, SecureX and Cisco SecureX threat
response integrations uses only security connection events.
-
If you are using custom Security Intelligence objects in the Secure Firewall Management
Center including global block or allow lists and Secure Firewall threat intelligence
director, you must configure Security Services Exchange to auto-promote events that are processed using those objects. See information
in the Security Services Exchange online help about promoting events to incidents.
Failed to save the SecureX configuration
If the Secure Firewall Management
Center page fails to save the SecureX configuration,
SecureX enablement failed due to timeout
After starting the configuration, Secure Firewall Management
Center page waits 15 minutes to receive the authorization before it times out. Ensure that you complete the authorization within
15 minutes. Click Enable SecureX to start a new authorization request after a timeout.