> ## Documentation Index
> Fetch the complete documentation index at: https://docs.snapsec.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Integration

> Learn how to connect Snapsec Suite with IBM QRadar to stream security and audit events in real time.

## What is QRadar Integration

The **QRadar Integration** allows Snapsec Suite to send all system-generated security and audit events directly to **IBM QRadar SIEM**.

Once connected, QRadar can ingest Snapsec events for:

* Centralized logging
* Correlation with other security signals
* Threat detection and investigations
* Compliance and audit visibility

This integration helps security teams gain **real-time visibility** into activities happening across the Snapsec platform from within their existing SIEM workflows.

***

## What Events Does Snapsec Send

Snapsec sends **all system events** to QRadar, including but not limited to:

* User management events (create, update, delete)
* Authentication and authorization actions
* Asset changes
* Vulnerability lifecycle events
* Configuration changes
* Integration and automation activities
* Administrative and audit actions

All events are transmitted in a **structured, consistent schema** to ensure reliable parsing and correlation inside QRadar.

***

## Event Schema

Snapsec sends events in JSON format using the following schema:

```json theme={null}
{
  "type": "audit",
  "action": "create_user",
  "request": {
    "url": "/v1/users",
    "params": {},
    "query": {},
    "headers": {
      "user-agent": "curl/8.0.1"
    }
  },
  "response": {
    "body": {
      "id": "u_123",
      "status": "created"
    },
    "headers": {
      "content-type": "application/json"
    }
  },
  "metadata": {
    "ip": "203.0.113.10",
    "userId": "admin_1",
    "traceId": "abc-xyz"
  },
  "timestamp": "2026-01-27T10:15:30.000Z"
}
```

### Field Overview

* **type**\
  The category of the event.\
  Example: `audit`

* **action**\
  The specific action performed within Snapsec.\
  Example: `create_user`, `delete_asset`

* **request**\
  Details about the API request that triggered the event, including:
  * URL
  * Parameters
  * Query values
  * Request headers

* **response**\
  The result of the action, including:
  * Response body
  * Response headers

* **metadata**\
  Additional contextual information such as:
  * IP address of the actor
  * User ID who performed the action
  * Trace ID for request correlation

* **timestamp**\
  The exact time when the event occurred, formatted in ISO 8601.

  ## How to Connect Snapsec with QRadar

<Steps>
  <Step title="Open your Snapsec profile">
    Log in to **Snapsec Suite** and click on your profile icon in the top-right corner.

    <Frame caption="Department FAQs available on the Departments page">
      <img src="https://mintcdn.com/snapsec-23724fa2/F7Gu-qleR68XLokt/images/admin/qradar1.png?fit=max&auto=format&n=F7Gu-qleR68XLokt&q=85&s=9ccb511d86e012a9e254a586ea8a1d8b" alt="Expandable FAQ section for departments" width="678" height="369" data-path="images/admin/qradar1.png" />
    </Frame>
  </Step>

  <Step title="Navigate to Integrations">
    Select **Integrations** from the settings sidebar.

    <Frame caption="Department FAQs available on the Departments page">
      <img src="https://mintcdn.com/snapsec-23724fa2/F7Gu-qleR68XLokt/images/admin/qradar2.png?fit=max&auto=format&n=F7Gu-qleR68XLokt&q=85&s=5e1c02ee68a806cc253db9101c121ffb" alt="Expandable FAQ section for departments" width="1002" height="629" data-path="images/admin/qradar2.png" />
    </Frame>
  </Step>

  <Step title="Select QRadar">
    Locate **QRadar** from the list of available integrations and click on it.

    <Frame caption="Department FAQs available on the Departments page">
      <img src="https://mintcdn.com/snapsec-23724fa2/F7Gu-qleR68XLokt/images/admin/qradar2.5.png?fit=max&auto=format&n=F7Gu-qleR68XLokt&q=85&s=cc5b006b5d1efae81769d77c3f1ffc9a" alt="Expandable FAQ section for departments" width="715" height="495" data-path="images/admin/qradar2.5.png" />
    </Frame>
  </Step>

  <Step title="Enter QRadar details">
    Provide the following information:

    * QRadar URL
    * Bearer Token

    <Frame caption="Department FAQs available on the Departments page">
      <img src="https://mintcdn.com/snapsec-23724fa2/F7Gu-qleR68XLokt/images/admin/qradar3.png?fit=max&auto=format&n=F7Gu-qleR68XLokt&q=85&s=5fde7a6e60d50c4ca35177ed2dbe29f9" alt="Expandable FAQ section for departments" width="1332" height="709" data-path="images/admin/qradar3.png" />
    </Frame>
  </Step>

  <Step title="Save and verify">
    Click **Save** to enable the integration.\
    Once completed, QRadar will appear under **Installed Adapters**, confirming the connection.

    <Frame caption="Department FAQs available on the Departments page">
      <img src="https://mintcdn.com/snapsec-23724fa2/F7Gu-qleR68XLokt/images/admin/qradar4.png?fit=max&auto=format&n=F7Gu-qleR68XLokt&q=85&s=0c536fda775ceebbdb322a38dfac3204" alt="Expandable FAQ section for departments" width="1039" height="702" data-path="images/admin/qradar4.png" />
    </Frame>
  </Step>
</Steps>

## Verification

After installation, verify the integration using the following checks:

* Confirm the adapter status is shown as **Installed** in Snapsec.
* Check **QRadar logs** to ensure Snapsec events are being received.
* Verify that events are **parsed and indexed correctly** inside QRadar for search and correlation.

***

## Explore Live Demo

<Card title="Explore Snapsec APIs in Action" icon="wand-magic-sparkles" href="https://suite.snapsec.co/demo">
  Experience how Snapsec API keys power secure integrations, automation, and scalable security workflows—no signup required.
</Card>