Troubleshoot a Direct Integration

Problems accessing the cloud

  • If you activate your cloud account immediately before attempting to configure this integration and you encounter problems implementing this integration, wait for an hour or two and then log in to your cloud account.

  • Make sure you are accessing the correct URL for the regional cloud associated with your account.

Device interface shows the integration as enabled, but the device does not appear on the Devices page in the cloud

  • The device may be licensed using a Smart Account or virtual account that is not linked to your cloud account. Do one of the following:

    • In Security Services Exchange, link the account from which the device was licensed.

      See Link Smart Licensing Accounts.

    • License the device from a linked account:

      Disable the integration on the Firepower Management Center or Firepower Device Manager, unregister the current license from the device, re-license the device from a linked account, then re-enable the integration in the Firepower Device Manager or Firepower Management Center.

  • Make sure you are looking at the same regional cloud that you selected in your settings. If you didn't select a region when you started sending events to the cloud, try the North America cloud first.

Device managed by the Firepower Management Center is not listed correctly on the Security Services Exchange Devices page

(Releases earlier than 6.4.0.4) Manually give the device a unique name: Click the Edit icon for each row in the Devices list. Suggestion: Copy the IP address from the Description.

This change is valid only for this Devices list; it does not appear anywhere in your deployment.

(Releases from 6.4.0.4 to 6.6) Device name is sent from the Firepower Management Center to Security Services Exchange only at initial registration to Security Services Exchange and is not updated on Security Services Exchange if the device name changes in the Firepower Management Center.

On the Devices page in Security Services Exchange, previously registered devices unexpectedly show as Unregistered

If these devices are Firepower Threat Defense devices managed by Firepower Device Manager, and you enabled integration with Cisco Defense Orchestrator after you registered your devices with Security Services Exchange for integration with Cisco XDR , and you have not yet merged your accounts, complete the procedure in Link Your Cisco Defense Orchestrator and Cisco XDR Tenant Accounts.

Expected events are missing from the Events list

  • Make sure you are looking at the correct regional cloud and account.

  • Make sure that your devices can reach the cloud and that you have allowed traffic through your firewall to all required addresses.

  • Click the Refresh button on the Events page to refresh the list and verify that the expected events appear.

  • If you are using Firepower Device Manager, check your access rule logging settings.

  • Check your configurations for automatic deletion (filtering out events) in the Eventing settings on the Cloud Services page in Security Services Exchange.

  • For more troubleshooting tips, see the online help in Security Services Exchange.

Some events are missing

  • If you send all connection events to the cloud, SecureX and Cisco SecureX threat response integrations uses only security connection events.