Clarify Tiles Cache in XDR

Available Languages

Download Options

  • PDF     (4.6 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (77.6 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (61.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:June 8, 2023
Document ID:220689

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how Cache in SecureX Tiles works.

    Is the Information in XDR Live Data?

    The answer to that question is No. This is because in XDR each integration and each Tile is subjected to a certain Cache.

    The expiration time varies, based on the integration and the Tile itself.

    For example, you can use Umbrella and XDR Integration.

    First, validate that the integration is valid and works, to do this, navigate to Administration > Integrations > Expand My Integrations Section.

    Ensure the Integration is green and says Connected.

    Navigate to Control Center, search for one of the tiles of your Integration.

    Then, trigger an event that matches the corresponding tile in XDR, is possible that no data populates the XDR Tile.

    To better understand why there is no data, navigate to the Tile of Interest, and click the ellipsis (...) > API Information.

    You can visualize valuable information, such as:

    Observed Start Time & Observed End Time, this information corresponds to the time configured in your Tile, it ranges from 24 hours, 7 days, 30 days, etc.

    Valid Start Time, this information indicates when the Tile cache started.

    Curren Time, that indicates the time in your browser, if this time is lower than the following piece of information which is Valid End Time, then, you have to wait until Current Time is bigger than Valid End Time, otherwise, the information in the Tile will still be cached.

    If you collect HAR logs and open them, you can see the Valid time for when the event occurred and correlate the time of the event in Umbrella Dashboard.

    You can see in the HAR logs that the Cache expires and a new start_time begins.

    note-icon

    Note: In the API information of XDR, you can see the URL used, so you can check your HAR logs and compare.

    Example of Cache Expiration

    • Secure Client - Computer Summary: Almost Instant
    • FMC - Event Summary: 1 minute
    • SMA - Incoming Mail Summary: 5 minutes
    • Umbrella - Security Blocks by Category (General): 5 minutes

    Revision History

    Revision Publish Date Comments
    1.0
    30-Jul-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Uriel Montero
      TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products