# QRadar

{% hint style="info" %}
QRadar is a SIEM integration. SIEM integrations are used to analyze SIEM-generated alerts and/or to use SIEM data as part of investigation analysis.
{% endhint %}

The Dropzone platform integrates with the [IBM QRadar](https://www.ibm.com/qradar) SIEM. Many customers ingest other alert sources into QRadar (e.g. IDPs) and integrate Dropzone with QRadar rather than with the source systems.

## Create an API Key

The QRadar integration requires an API key.

To obtain an API Key, do the following:

* In the upper bar in the QRadar Homepage, click "Admin"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-9f50fff0d51a95686979874c4582400cb46d708b%2Fqradar-integration-1.png?alt=media" alt=""><figcaption><p>Navigate to Admin</p></figcaption></figure>

* In the left hand bar, navigate to System Configuration > User Management

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-cd6a6830d1466541bce3358153877169bdc95eb7%2Fqradar-integration-2.png?alt=media" alt=""><figcaption><p>Navigate to User Management</p></figcaption></figure>

* Click on "Authorized Services"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-ed6bc19aca87a37dc12f5a81be51fa6bbad23652%2Fqradar-integration-3.png?alt=media" alt=""><figcaption><p>Click on "Authorized Services"</p></figcaption></figure>

* In the window that pops up, click "Add"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-0d553474d49539d202da943ed9604a443f363744%2Fqradar-integration-4.png?alt=media" alt=""><figcaption><p>Click "Add"</p></figcaption></figure>

* Under "Authorized Service Label," label the key something memorable, such as "dropzone\_ai"
* Select an Admin security profile
* Under "User Role," select "All"
* Under "Expiry Settings," assign an expiration date if you choose

{% hint style="info" %}
For convenience's sake, we recommend not assigning an expiration date for this API key, to prevent having to create a new one.
{% endhint %}

* Click "Save"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-f5de3a0f90b85b4c2c1147a84dbdce824d7dfad8%2Fqradar-integration-5.png?alt=media" alt=""><figcaption><p>Fill out token details</p></figcaption></figure>

* Store the authorized service token in a safe location for later use in the Dropzone UI, where it is called "API-Key"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-cb59c214ab2033859639cd3b9d841e68869aa376%2Fqradar-integration-6.png?alt=media" alt=""><figcaption><p>Copy the API-Key</p></figcaption></figure>

## Enable QRadar

To enable the Alert Source integration, you will need the following information:

| Dropzone Field | Source                                                                       |
| -------------- | ---------------------------------------------------------------------------- |
| Server         | The server name in your QRadar URL, e.g. *myserver*/console/qradar           |
| Port           | The standard HTTPS port, 443                                                 |
| API-Key        | The authorized service token value you generated earlier                     |

* Navigate to your Dropzone AI tenant home page e.g. https\://*mycompany*.dropzone.ai
* In the bottom left hand corner, navigate to Settings > Integrations

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-b3f07f902b1402dadc7abbd8bb62f9c204547390%2Fui-integrations-dropdown.png?alt=media" alt=""><figcaption><p>Integrations Dropdown</p></figcaption></figure>

* Click "Available"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-434641ec6d4e45051842f86164f485d6bd289424%2Fapp_system_integrations_available.png?alt=media" alt=""><figcaption><p>Click Available</p></figcaption></figure>

* In the Search bar, search QRadar, then click "Configure"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-99dc85bd0e769d3c17a924f66a82b21bdd58185e%2Fapp_system_integrations_available_qradar.png?alt=media" alt=""><figcaption><p>The QRadar Tile</p></figcaption></figure>

* Under the Alert Source header, if your QRadar integration is behind an [On-premise Dropzone Connector](https://docs.dropzone.ai/platform/settings/connector), select your connector from the dropdown
* Input the Server, Port, and API-Key

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-709a075b5070f7581c88f9e68e08a0f2679158a0%2Fapp_system_integrations_available_qradar_alert_config.png?alt=media" alt=""><figcaption><p>The QRadar Alert Configuration (pt 1)</p></figcaption></figure>

* Under "Enabled QRadar Offense Statuses," check the box for each [offense status](https://www.ibm.com/docs/en/qradar-on-cloud?topic=management-offense-retention) you wish Dropzone to investigate alerts for

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-955736aaaf9ccb8b3bcb8dface6be9b2e09f8dfa%2Fapp_system_integrations_available_qradar_alert_config_1.png?alt=media" alt=""><figcaption><p>The QRadar Alert Configuration (pt 2)</p></figcaption></figure>

* Under "Title Exclusions," you may choose to exclude alerts by title. To do so, click "Add Item," then input a list of [Python regexes](https://docs.python.org/3/library/re.html) of the titles of the alerts you wish to exclude

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-59e880a11342a86c53e546c2fea8d02b469c7081%2Fapp_system_integrations_available_qradar_alert_config_3.png?alt=media" alt=""><figcaption><p>The QRadar Alert Configuration (pt 3)</p></figcaption></figure>

* Input your desired poll interval and lookback

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-2f782075588748125acc7521fef3474d85f4c527%2Fapp_system_integrations_available_qradar_alert_config_2.png?alt=media" alt=""><figcaption><p>The QRadar Alert Configuration (pt 4)</p></figcaption></figure>

* Click "Test & Save" to finish
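
A way to check "Title Exclusions" patterns before saving them, added here as an example and not Dropzone's own code. The sample titles, `MUST_KEEP`, and `audit_exclusions` are hypothetical, and because this page does not say whether a pattern is matched anywhere in the title or against the whole title, the audit reports both.

```python
import re

# Constructed sample offense titles (not from a real QRadar deployment).
SAMPLE_TITLES = [
    "Test Rule - Heartbeat",
    "Multiple Login Failures for the Same User",
    "Login Failures Followed By Success from the same Username",
    "Local: Vulnerability Scanner Detected",
    "Remote: Scanner Detected containing Firewall Deny",
    "Excessive Firewall Denies from Single Source (10.0.0.5)",
]
# Titles that must never be suppressed by an exclusion (constructed).
MUST_KEEP = {"Login Failures Followed By Success from the same Username"}


def audit_exclusions(patterns, titles, must_keep=frozenset()):
    """Report, per pattern, compile errors and which titles it would exclude.

    The page does not state how the field matches, so both an unanchored
    search and a whole-title match are reported (an assumption of this example).
    """
    report = {}
    for pat in patterns:
        try:
            rx = re.compile(pat)
        except re.error as exc:
            report[pat] = {"error": str(exc), "search": [], "full": [], "blocked_keep": []}
            continue
        search_hits = [t for t in titles if rx.search(t)]
        report[pat] = {
            "error": None,
            "search": search_hits,
            "full": [t for t in titles if rx.fullmatch(t)],
            "blocked_keep": sorted(set(search_hits) & set(must_keep)),
        }
    return report


if __name__ == "__main__":
    candidates = [
        r"Login Failures",                    # too broad: also hits a must-keep title
        r"Scanner Detected$",                 # anchored at the end only
        r"Single Source (10.0.0.5)",          # unescaped ( ) and . : matches nothing
        r"Single Source \(10\.0\.0\.5\)$",    # escaped form matches the intended title
        r"Test Rule - [Heartbeat",            # invalid regex: unterminated set
    ]
    for pat, res in audit_exclusions(candidates, SAMPLE_TITLES, MUST_KEEP).items():
        print(repr(pat), res["error"], res["search"], res["blocked_keep"])
```

A pattern with a non-empty `blocked_keep`, or one whose `search` list is longer than intended, is worth anchoring with `^`/`$` or escaping with `re.escape` before it is entered in the integration.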
