# QRadar {% hint style="info" %} QRadar is an SIEM integration. SIEM integrations are used to perform analysis of any SIEM generated alerts, and/or to use generated data as part of investigation analysis. {% endhint %} The Dropzone platform integrates with the [IBM QRadar](https://www.ibm.com/qradar) security SIEM. Many customers ingest other alert sources into QRadar (e.g. IDPs) and integrate Dropzone into QRadar rather than the source systems. ## Create an API Key QRadar requires an API key to enable. To obtain an API Key, do the following: * In the upper bar in the QRadar Homepage, click "Admin"

* In the left hand bar, navigate to System Configuration > User Management

* Click on "Authorized Services"

* In the window that pops up, click "Add"

* Under "Authorized Service Label," label the key something memorable, such as "dropzone\_ai" * Select an Admin security profile * Under "User Role, select "All" * Under "Expiry Settings," assign an expiration date if you choose {% hint style="info" %} For conveniences sake, we recommend not assigning an expiration date for this API key, to prevent having to create a new one. {% endhint %} \* Click "Save"

* Store the authorized service token in a safe location for use later in the Dropzone UI where it will be called "API-Key"

## Enable QRadar To enable the Data Source integration, you will need the following information: | Dropzone Field | Source | | -------------- | ---------------------------------------------------------------------------- | | Server | The same as your servername in your QRadar url, eg *myserver*/console/qradar | | Port | The standard html port, 443 | | API-Key | The authorized service token value you generated earlier | * Navigate to your Dropzone AI tenant home page e.g. https\://*mycompany*.dropzone.app * In the bottom left hand corner, navigate to Settings > Integrations

* Click "Available"

* In the Search bar, search QRadar, then click "Configure"

* Under the Data Source header, if your QRadar integration is behind an [On-premise Dropzone Connector](https://docs.dropzone.ai/platform/settings/connector), select your connector from the dropdown * Input the Server, Port, and API-Key * Under "Ignored Log Sources," you may add [log sources](https://www.ibm.com/docs/en/dsm?topic=management-introduction-log-source) to ignore in Dropzone searches

* Click "Test & Save" to finish If you have any errors engage your Dropzone AI support representative. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.dropzone.ai/integrations/data/qradar_data.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.