Troubleshoot Device Insights and Secure Endpoint Integration

Available Languages

Download Options

  • PDF     (72.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (139.6 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (108.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 2, 2022
Document ID:218106

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the steps to configure the integration and troubleshoot Device Insights and Secure Endpoint integration.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Components Used

    This document is not restricted to specific software and hardware versions.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    SecureX Device Insights provides a unified view of the devices in your organization and consolidates inventories from integrated data sources, such as Secure Endpoint.

    With Device Insights, the information from all the sources is consolidated, and displayed  in device insights within SecureX, in a simpler way to view all your device information holistically and investigate devices across your portfolio of data sources more efficiently.

    Once activated, device insights is ready to automatically pull inventory and device data from the modules you have integrated with SecureX. So if you already have modules integrated with SecureX, there is no need to delete or re-add them to have this functionality.

    If you want to know more about the configuration, please review the Cisco SecureX Configuration Modules for details.

    Troubleshoot

    This section provides information you can use to troubleshoot your configuration.

    Add the Secure Endpoint Module

    • The user that enables the Module needs to have Admin rights to integrate the products.

    Note: If you integrate new source you need to either manually sync up or wait for auto-sync to happened before you see any devices that reports in to inventory.

    Verify Connectivity

    In order to allow API connections, make sure the next FQDN are allowed on your environment.

    • api.amp.cisco.com
    • api.apjc.amp.cisco.com
    • api.eu.amp.cisco.com

    User Postman to test connectivity

    https://<AMP API regional FQDN>/v1/computers

    https://< AMP API regional FQDN>/v1/computers/< connector GUID>

    leisanch_0-1661562924390

    Note: Secure Endpoint uses Basic Auth as an authorization method.

    Devices Number Mismatch

    • Device Insights stores the information from the last 90 days, however, Secure Endpoint stores the information from 30 days. If a mismatch is found on the number of devices, verify the last seen of the involved computers does not have more than 90 days.
    • Verify the Secure Endpoint console does not have duplicate connectors that cause the mismatch on both consoles.

    Scenario 1. No Webhook registered

    leisanch_0-1646808115395

    Navigate to Source Setting, then click on Register Webhook button, once the request is performed, the Webhook status displayed as shown in the image.

    leisanch_1-1646808285666

    Scenario 2. HTTP errors.

    leisanch_2-1646808422086

    400 - Bad request

    401 - Unauthorized

    403 - Forbiden

    404 - Method not allowed

    For HTTP errors, review the API credentials configured, make sure that the information gathered matches with the information pasted on the module configuration on SecureX.

    Browser Issues

    When wrong data is displayed in Device Insights, test in a different browser or a private window to discard wrong or outdated browser cache. 

    Multi-org Issues

    Secure Endpoint integration module uses the Enable button. Due to that , Secure Endpoint can only be linked to one Secure Endpoint console now, but you can still have multiple Secure Endpoint modules linked under one SecureX if you are the Admin for those organizations. In other words if you are Admin in multiple Secure Endpoint organizations you can have all of those linked via API module under one SecureX dashboard. Verify that the Secure Endpoint console is not already integrated to another SecureX organization,

    SecureX portal can have integrated multiple Secure Endpoint instances, but Secure Endpoint can only be integrated to one SecureX instance.

    HAR logs

    In case the issue persists with the Device Insights and Secure Endpoint integration,please see Collect HAR Logs from SecureX Console for how to collect HAR logs from the browser and contact TAC support in order to perform a deeper analysis.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    02-Sep-2022
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products