search
WebsiteTest DriveStatus

QRadar

circle-info

QRadar is an SIEM integration. SIEM integrations are used to perform analysis of any SIEM generated alerts, and/or to use generated data as part of investigation analysis.

The Dropzone platform integrates with the IBM QRadararrow-up-right security SIEM. Many customers ingest other alert sources into QRadar (e.g. IDPs) and integrate Dropzone into QRadar rather than the source systems.

hashtag
Create an API Key

QRadar requires an API key to enable.

To obtain an API Key, do the following:

  • In the upper bar in the QRadar Homepage, click "Admin"

Navigate to Admin

  • In the left hand bar, navigate to System Configuration > User Management

Navigate to User Management

  • Click on "Authorized Services"

Click on "Authorized Services"

  • In the window that pops up, click "Add"

Click "Add"

  • Under "Authorized Service Label," label the key something memorable, such as "dropzone_ai"

  • Select an Admin security profile

  • Under "User Role, select "All"

  • Under "Expiry Settings," assign an expiration date if you choose

circle-info

For conveniences sake, we recommend not assigning an expiration date for this API key, to prevent having to create a new one.

* Click "Save"

Fill out token details

  • Store the authorized service token in a safe location for use later in the Dropzone UI where it will be called "API-Key"

Copy the API-Key

hashtag
Enable QRadar

To enable the Data Source integration, you will need the following information:

Dropzone Field
Source

Server

The same as your servername in your QRadar url, eg myserver/console/qradar

Port

The standard html port, 443

API-Key

The authorized service token value you generated earlier

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, navigate to Settings > Integrations

Integrations Dropdown

  • Click "Available"

Click Available

  • In the Search bar, search QRadar, then click "Configure"

The QRadar Tile

  • Under the Data Source header, input the Server, Port, and API-Key

  • Under "Ignored Log Sources," you may add log sourcesarrow-up-right to ignore in Dropzone searches

The QRadar Data Configuration

  • Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

hashtag
Enable QRadar

To enable the Alert Source integration, you will need the following information:

Dropzone Field
Source

Server

The same as your servername in your QRadar url, eg myserver/console/qradar

Port

The standard html port, 443

API-Key

The authorized service token value you generated earlier

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

  • In the bottom left hand corner, navigate to Settings > Integrations

Integrations Dropdown

  • Click "Available"

Click Available

  • In the Search bar, search QRadar, then click "Configure"

The QRadar Tile

  • Under the Data Source header, input the Server, Port, and API-Key

  • Under "Ignored Log Sources," you may add log sourcesarrow-up-right to exclude from Dropzone searches

The QRadar Data Configuration

  • Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

PreviousPhishTankNextSentinelOne

Last updated

Was this helpful?