IBM QRadar

Collecting Cisco Firepower Management Center(v.7.0.1) events by using the eStreamer

  • 1.  Collecting Cisco Firepower Management Center(v.7.0.1) events by using the eStreamer

    Posted Wed December 07, 2022 08:15 AM
    Edited by Thomas Jaeger Wed December 07, 2022 10:11 PM
    Hello,
    I have configured the Cisco FMC v.7.0.1 integration with QRadar by using the eStreamer. All tests passed successfully, but there are not any events from it, although FMC generates events and there are some in FMC. According to the documentation, QRadar supports Cisco Firepower Management Center V 5.2 to V 6.4. Does it mean that QRadar will receive events from FMC 7.x but will not parse them, or that it will not receive them at all?


  • 2.  RE: Collecting Cisco Firepower Management Center(v.7.0.1) events by using the eStreamer

    Posted Thu December 08, 2022 05:28 PM

    @Thomas Jaeger I looked into this question, and support for Cisco FMC does not currently include 7.0.1 or 7.1 yet. It is something that development is currently working on, and we have work items open for this to support newer FMC versions with the Cisco. There are some new data structures in 7.1 that the protocol needs to handle in updates, and we are seeing errors versus what is documented in the FMC connection guide. The integration is not expected to work until there is a new protocol update that can handle the updated fields.

    Stay tuned for more info.



    ------------------------------
    Jonathan Pechta
    QRadar Support Content Lead
    Support forums: ibm.biz/qradarforums
    jonathan.pechta1@ibm.com
    ------------------------------



  • 3.  RE: Collecting Cisco Firepower Management Center(v.7.0.1) events by using the eStreamer

    Posted Thu December 08, 2022 10:10 PM
    Thanks a lot for your response!

    ------------------------------
    Thomas Jaeger
    ------------------------------