QRadar
Last updated
Was this helpful?
Last updated
Was this helpful?
The Dropzone platform integrates with the security SIEM. Many customers ingest other alert sources into QRadar (e.g. IDPs) and integrate Dropzone into QRadar rather than the source systems.
QRadar requires an API key to enable.
To obtain an API Key, do the following:
In the upper bar in the QRadar Homepage, click "Admin"
In the left hand bar, navigate to System Configuration > User Management
Click on "Authorized Services"
In the window that spawns, click "Add"
Under "Authorized Service Label", label the key something memorable, such as "dropzone_ai"
Select an Admin security profile
Under "User Role, select "All"
Under "Expiry Settings", assign an expiration date if you choose
* Click "Save"
Store the authorized service token in a safe location for use later in the Dropzone UI where it will be called "API-Key"
To enable the Data Source integration, you will need the following information:
Server
The same as your company server url in QRadar, eg myserver/console/qradar
Port
The standard html port, 443
API-Key
The authorized service token value you generated earlier
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Available"
In the Search bar, search QRadar, then click "Configure"
Input the Server, Port, and API-Key
Under "Ignored Log Sources", you may add log sources to ignore in Dropzone searches
Click "Test & Save" to finish
If you have any errors engage your Dropzone AI support representative.
