Creating Cisco Firepower Management Center 5.x, 6.x, and 7.x certificates
IBM
QRadar requires a
certificate for every Cisco Firepower Management Center appliance in your deployment. Certificates
are generated in pkcs12 format and must be converted to a keystore and a truststore file, which are
usable by QRadar
appliances.
Procedure
Log in to your Cisco Firepower Management Center interface.
If you are using version 5.x, select System > Local > Registration.
If you are using version 6.x, select System > Integration.
If you are using version 7.x, click the System gear icon, then select
Integration.
Click the eStreamer tab.
Select the types of events that you want Cisco Firepower Management Center to send to QRadar, and then click
Save.
The following image lists the types of events that Cisco Firepower Management Center sends to QRadar.
Click Create Client in the upper right side of the window.
In the Hostname field, type the IP address or host name, depending on
which of the following conditions applies to your environments.
If you use a QRadar
Console or you
use a QRadar All-in-One
appliance to collect eStreamer events, type the IP address or host name of your QRadar
Console.
If you use a QRadarEvent Collector to collect
eStreamer events, type the IP address or host name for the Event Collector.
If you use QRadar High
Availability (HA), type the virtual IP address.
Optional:
In the Password field, type a password for your
certificate. If you choose to provide a password, the password is required to import the
certificate.
Click Save.
The new client is added to the eStreamer Client list and the host can communicate with the
eStreamer API on port 8302.
Click Download Certificate for your host to save the pkcs12 certificate
to a file location.
Click OK to download the file.
What to do next
You are now ready to import your Cisco Firepower Management Center certificate to your QRadar appliance.