Creating Cisco Firepower Management Center 5.x, 6.x, and 7.x certificates
IBM® QRadar® requires a certificate for every Cisco Firepower Management Center appliance in your deployment. Certificates are generated in pkcs12 format and must be converted to a keystore and a truststore file, which are usable by QRadar appliances.
Log in to your Cisco Firepower Management Center interface.
- If you are using version 5.x, select .
- If you are using version 6.x, select .
- If you are using version 7.x, click the System gear icon, then select Integration.
- Click the eStreamer tab.
Select the types of events that you want Cisco Firepower Management Center to send to QRadar, and then click
The following image lists the types of events that Cisco Firepower Management Center sends to QRadar.
- Click Create Client in the upper right side of the window.
In the Hostname field, type the IP address or host name, depending on
which of the following conditions applies to your environments.
- If you use a QRadar Console or you use a QRadar All-in-One appliance to collect eStreamer events, type the IP address or host name of your QRadar Console.
- If you use a QRadar Event Collector to collect eStreamer events, type the IP address or host name for the Event Collector.
- If you use QRadar High Availability (HA), type the virtual IP address.
- Optional: In the Password field, type a password for your certificate. If you choose to provide a password, the password is required to import the certificate.
The new client is added to the eStreamer Client list and the host can communicate with the eStreamer API on port 8302.
- Click Download Certificate for your host to save the pkcs12 certificate to a file location.
- Click OK to download the file.