Configure the FDM to Send Events to the Cisco Cloud

Note	Available options depend on your FDM version. Skip any steps that are not applicable to your version. For example, the ability to select region and event types are version-dependent.

Before you begin

Perform the steps up to this point in How to Send Events Directly to the Cisco Cloud and Integrate with SecureX.
If you are using CDO, you must merge your accounts before you start this procedure. See Link Your Cisco Defense Orchestrator and Cisco XDR Tenant Accounts.
In the FDM, make sure that your device has a unique name. If not, assign one now, in Device > System Settings > Hostname.
In the FDM, apply intrusion and other applicable policies to at least one access control rule and verify that the device is successfully generating events.
Make sure you have your cloud credentials and can sign in to the Cisco SecureX threat responseSecureX regional cloud on which your account was created.

For URLs, see Cisco SecureX Threat ResponseSecureX Regional Clouds.
In your browser:
- Disable pop-up blocking.
- Allow third-party cookies.

Step 1	In the FDM: Click Device, then click the System Settings > Cloud Services link. If you are already on the System Settings page, simply click Cloud Services in the table of contents.
Step 2	Click Enable for the Send Events to the Cisco Cloud option.
Step 3	Select the types of events to send to the cloud and click OK. Later, you can change the event selection by clicking Edit next to the list of selected events. If you choose to send connection events, only Security Intelligence connection events are used in this integration.
Step 4	Verify that your device has registered successfully in Security Services Exchange: If you do not already have Security Services Exchange open in a browser window, see Access Security Services Exchange. In Security Services Exchange, click Devices. Verify that your Firepower Threat Defense device appears in the list. Note: The description shown for the Firepower Threat Defense device in the Devices list is the serial number, which matches the serial number shown if you run the show running-config command in the command-line interface of the device.

Important

If you enable integration with CDO after you configure sending events to the cloud, your devices may become unregistered from SSE. If you see this problem in the Devices tab of SSE, see Link Your Cisco Defense Orchestrator and Cisco XDR Tenant Accounts.