12-13-2021 11:48 PM
Dear community,
I have registered WSA, FTD and ESA in SecureX. WSA is reporting logs, while FMC and ESA are not. A TAC case is open; however, they are delaying their answers, and thus there is no solution so far.
Note: The API on the Management Interface of ESA is enabled.
Do you have any idea what could be the issue!?
Thank you,
Laura
12-17-2021 08:59 AM - edited 12-17-2021 09:09 AM
Regarding TAC "delaying" their answers, please understand that between log4j and half the cloud going down over the past few weeks, TAC is experiencing "unusually high call volumes" as the machines used to say...
When you say that FMC is not reporting logs, what does that mean? Are there events in FMC that you would expect to see in SSE but do not? Are you not getting the results you expect in Threat Response investigations? Etc.
12-20-2021 12:06 AM
Thank you for your feedback!
There are events in FMC that I would expect to see in SSE, but there are no events in SSE, which leads to no events in SecureX either.
Looking forward to any suggestions on how to troubleshoot this issue.
Best regards,
Laura
12-20-2021 09:30 AM
Then either your integration is not working correctly, OR you haven't had any events that meet the criteria for upload. IF you are using CSSP, that is a smaller set than what is supported via a direct connection.
Are you connecting via CSSP, or direct? What version of software is on the FMC, and on the devices?
I'm not TAC and will not be able to drive this with the level of support you would get from your existing case, but that's where I would start. Find out why the events aren't showing up. Check your version, your configuration, and your settings.