Validate and Troubleshoot MSSP Sync

use this guide to validate client to central data propagation and troubleshoot common mssp sync issues if configuration is incomplete, start with configure ai soc mssp /configure ai soc mssp md perform a standard sync validation in the client tenant, ingest or update a known test record confirm the client record completes normal ai soc processing confirm ai soc mssp client configuration includes the correct tenant base url , central tenant id , and account id values in the central tenant, search central case management for the same tracking context verify record content and status were propagated in threat intelligence artifact cache , verify related observable updates repeat with a second update to confirm incremental propagation troubleshooting matrix symptom likely cause resolution no central record for client update incorrect central endpoint values in client configuration recheck central webhook url , central tenant id , and account id authentication failures during sync basic auth mismatch between ai soc mssp central sync authorization and the central ingestion webhook align authorization username and password in both tenants and retest api based central updates fail invalid or expired privatetoken replace privatetoken in ai soc mssp central sync and verify admin permissions ti cache records are missing ti cache application or field mapping values are incorrect recheck central tiac app id and central tiac observable field id swimlane api calls fail from the client tenant incorrect tenant base url or tenant identifiers recheck tenant base url , central tenant id , and account id in ai soc mssp client configuration only some client tenants sync client specific configuration drift compare working and failing tenant asset values and normalize configuration audit checklist use configure ai soc mssp /configure ai soc mssp md as the full configuration reference confirm at minimum client tenant turbine tenant credentials and ai soc tenant configuration are configured for core ai soc operations ai soc mssp client configuration has complete and current values, including tenant base url ai soc mssp central sync authorization values match the central ingestion webhook ai soc mssp central sync privatetoken is current and authorized for central api operations (separate from client turbine tenant credentials ) central tenant ingest record from client webhook is enabled, reachable, and saved on the correct playbook webhook basic auth values match client ai soc mssp central sync authorization values catch records from client , upsert central case management record , and set requires re enrichment playbooks are enabled central case management and threat intelligence artifact cache are available for validation escalation guidance escalate when sync fails for all clients after credential or platform changes records propagate but critical metadata is consistently incorrect central ingestion delays exceed your operational threshold when escalating, include client and central tenant names timestamp of test updates affected tracking ids which validation step failed