Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1811
Views
0
Helpful
3
Replies

SMA integration with Threat Response

Go to solution
AS-NT
Level 1
Level 1

‎04-20-2020 08:12 AM

Hello,

 

I am trying to integrate our SMA with Threat Response. So far the registration succeeded, I generated the token, I can see the device, everything seems to be ok. Unfortunately I can´t do any investigations. I get the error message Client-Timeout in Module SMA. Am I missing some configurations in the firewall? The documentation states that I need port 443 in/out traffic for several FQDNs. Does Cisco initiate a connection from outside to the SMA in out internal network? Is it supposed to work that way??

 

Regards,

Malte

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ppreenja
Cisco Employee
Cisco Employee

‎04-20-2020 09:46 AM

Hello AS-NT,

Please try to reduce the default timeframe to query on CTR from the 30 days (default) to 7 days.

I hope the above helps.

Cheers,
Pratham

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ken Stieers
VIP
VIP

‎04-20-2020 09:14 AM

If I remember correctly, the SMA builds the connection outbound to the Security Services Exchange. CTR, through the Security Services Exchange queries the SMA for data.

0 Helpful

Go to solution
ppreenja
Cisco Employee
Cisco Employee

‎04-20-2020 09:46 AM

Hello AS-NT,

Please try to reduce the default timeframe to query on CTR from the 30 days (default) to 7 days.

I hope the above helps.

Cheers,
Pratham
0 Helpful

Go to solution
AS-NT
Level 1
Level 1
In response to ppreenja

‎04-20-2020 10:35 AM

Great - this worked. Thanks a lot!

0 Helpful
Customers Also Viewed These Support Documents