Creating Cisco Firepower Management Center 5.x, 6.x, and 7.x certificates

IBM QRadar requires a certificate for every Cisco Firepower Management Center appliance in your deployment. Certificates are generated in pkcs12 format and must be converted to a keystore and a truststore file, which are usable by QRadar appliances.

Procedure

  1. Log in to your Cisco Firepower Management Center interface.
    • If you are using version 5.x, select System > Local > Registration.
    • If you are using version 6.x, select System > Integration.
    • If you are using version 7.x, click the System gear icon, then select Integration.
  2. Click the eStreamer tab.
  3. Select the types of events that you want Cisco Firepower Management Center to send to QRadar, and then click Save.

    The following image lists the types of events that Cisco Firepower Management Center sends to QRadar.

    Figure 1. Cisco Firepower Management Center eStreamer Event Configuration
    Cisco Firepower Management Center eStreamer Event Configuration
  4. Click Create Client in the upper right side of the window.
  5. In the Hostname field, type the IP address or host name, depending on which of the following conditions applies to your environments.
    • If you use a QRadar Console or you use a QRadar All-in-One appliance to collect eStreamer events, type the IP address or host name of your QRadar Console.
    • If you use a QRadar Event Collector to collect eStreamer events, type the IP address or host name for the Event Collector.
    • If you use QRadar High Availability (HA), type the virtual IP address.
  6. Optional: In the Password field, type a password for your certificate. If you choose to provide a password, the password is required to import the certificate.
  7. Click Save.

    The new client is added to the eStreamer Client list and the host can communicate with the eStreamer API on port 8302.

  8. Click Download Certificate for your host to save the pkcs12 certificate to a file location.
  9. Click OK to download the file.

What to do next

You are now ready to import your Cisco Firepower Management Center certificate to your QRadar appliance.