QRadar

The Dropzone platform integrates with the security SIEM. Many customers ingest other alert sources into QRadar (e.g. IDPs) and integrate Dropzone into QRadar rather than the source systems.

Create an API Key

QRadar requires an API key to enable.

To obtain an API Key, do the following:

• In the upper bar in the QRadar Homepage, click "Admin"

• In the left hand bar, navigate to System Configuration > User Management

• Click on "Authorized Services"

• In the window that pops up, click "Add"

• Under "Authorized Service Label," label the key something memorable, such as "dropzone_ai"

• Select an Admin security profile

• Under "User Role, select "All"

• Under "Expiry Settings," assign an expiration date if you choose

* Click "Save"

• Store the authorized service token in a safe location for use later in the Dropzone UI where it will be called "API-Key"

Enable the Dropzone Data Source Integration

To enable the Data Source integration, you will need the following information:

• Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

• In the bottom left hand corner, click Settings > Integrations

• Click "Available"

• In the Search bar, search QRadar, then click "Configure"

• Under the Data Source header, input the Server, Port, and API-Key

• Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

Enable The Dropzone Alert Source Integration

To enable the Alert Source integration, you will need the following information:

• Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai

• In the bottom left hand corner, click Settings > Integrations

• Click "Available"

• In the Search bar, search QRadar, then click "Configure"

• Under the Alert Source header, input the Server, Port, and API-Key

• Input your desired poll interval and lookback

• Click "Test & Save" to finish