cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3288
Views
0
Helpful
4
Replies

Security Intelligence Events table is empty on FMC

m1xed0s
Spotlight
Spotlight

I have a FMC virtual appliance v6.2.0.2 with VDB 287. Just realized that there is nothing recorded under Security Intelligence Events page. There are entries under connection event page though. Two ASA with Firepower services are connected.

I do have valid protection license installed. There is no error regarding Security Intelligence updates. I also check Security Intelligence objects.

  • Network: Feed updates every two hours; Global-Whitelist is empty and one entry in Global-Blacklist
  • DNS: Feed updates every two hours; Global-Whitelist and Global-Blacklist are empty
  • URL: There is no Feed and Global-Whitelist and Global-Blacklist are empty (what will be the feed URL if I want to add a Feed?)

Ideas?

1 Accepted Solution

Accepted Solutions

Those two are blank and are for you to add IP/URL explicitly. Add the categories there under blacklist. Attached screenshot for the reference.

Regards,

Dv

View solution in original post

4 Replies 4

Dinesh Verma
Cisco Employee
Cisco Employee

Hi ,

I want you to check if you've added those categories under blacklist (Both Network and URL). Please take a look to the screenshot attached.

Feed—Dynamic collection that updates on an interval over HTTP or HTTPS (Third Party or anything).

Hope this helps.

Regards,
Dv

I do have those two in the blacklist. Mine is attached.

Those two are blank and are for you to add IP/URL explicitly. Add the categories there under blacklist. Attached screenshot for the reference.

Regards,

Dv

Thanks, I will schedule time to put relative categories in. I thought the security intelligence feed retrieved blacklists are sufficient...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: