Configuring Cisco Firepower Threat Defense to communicate with QRadar
To send intrusion or connection events to QRadar by using the syslog protocol, you need to enable external logging and configure basic settings on your Cisco Firepower appliance.
Procedure
1. Log in to your Cisco Firewall appliance.
2. Enable external logging. For more information, see FTD Platform Settings That Apply to Security Event Syslog Messages (https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/platform_settings_for_firepower_threat_defense.html#id_84926).
3. Enable Logging Destinations. For more information, see FTD Platform Settings That Apply to Security Event Syslog Messages (https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/platform_settings_for_firepower_threat_defense.html#id_84926).
4. Deploy changes. For more information, see Deploy Configuration Changes (https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/policy_management.html#task_75E181687ECF4EFC8EB6AF4509C20C0B).