Problems accessing the cloud
-
If you activate your cloud account immediately before attempting to configure this integration and you encounter problems
implementing this integration, wait for an hour or two and then log in to your cloud account.
-
Make sure you are accessing the correct URL for the regional cloud associated with your account.
Device managed by the Management
Center is not listed correctly on the Security Services Exchange Devices page
(Releases earlier than 6.4.0.4) Manually give the device a unique name: Click the Edit icon for each row in the Devices list. Suggestion: Copy the IP address from the Description.
This change is valid only for this Devices list; it does not appear anywhere in your deployment.
(Releases from 6.4.0.4 to 6.6) Device name is sent from the management center to Security Services Exchange only at initial registration to Security Services Exchange and is not updated on Security Services Exchange if the device name changes in the management center.
Expected events are missing from the Events list
-
Make sure you are looking at the correct regional cloud and account.
-
Make sure that your devices can reach the cloud and that you have allowed traffic through your firewall to all required addresses.
-
Click the Refresh button on the Events page to refresh the list and verify that the expected events appear.
-
Check your configurations for automatic deletion (filtering out events) in the Eventing settings on the Cloud Services page in Security Services Exchange.
-
For more troubleshooting tips, see the online help in Security Services Exchange.
Some events are missing
-
If you send all connection events to the cloud, Cisco XDR uses only security connection events.
-
If you are using custom Security Intelligence objects in the management center including global block or allow lists and threat
intelligence director, you must configure Security Services Exchange to auto-promote events that are processed using those objects. For more information, see the Security Services Exchange online help.
Failed to save the Cisco Security Cloud configuration
If the management center page fails to save the Cisco Security Cloud configuration,
Cisco Security Cloud integration failed due to timeout
After starting the configuration, management center page waits 15 minutes to receive the authorization before it times out. Ensure that you complete the authorization within
15 minutes. Click Enable Cisco Security Cloud to start a new authorization request after a timeout.
Failed to register Firewall devices to Security Services Exchange using the CDO Account
When management center fails to register managed devices to Security Services Exchange using the CDO account, a message appears under . The management center restores the original configuration. When device registration fails, verify the following:
Disable and enable the Cisco Security Cloud configuration to register firewall devices to Security Services Exchange again.