Integrating Zoho Vault with IBM QRadar

  1. Log in to your IBM QRadar console and go to the Admin tab in the top navigation panel.
  2. Under the Apps section, click QRadar Log Source Management.
  3. Click New Log Source to begin adding a new integration.
  4. Choose Single Log Source.
  5. In the Log Source Type dropdown, select Universal DSM.
  6. For the Protocol Type, choose HTTP Receiver.
  7. In the Name field, provide a descriptive name for this log source (e.g., "ZohoVaultLogs"). This name will help you filter and identify logs originating from Zoho Vault within IBM QRadar.
  8. Specify the Log Source Identifier. You can use the default Listen Port or set a custom one based on your configuration.

Configuring QRadar details in Vault

  1. Log in to your Zoho Vault account as a super admin.
  2. In the Settings menu, select SIEM Integration, then click Edit Configurations under IBM QRadar.
  3. Enter the Collector Hostname and Port details provided by QRadar, then click Save Configuration.
  4. An OTP will be sent to QRadar; you can find it in the events of the respective log source. Enter the OTP to verify your account.
  5. Select the list of audit trails to be sent to your SIEM service from Zoho Vault under Manage Syslog Configuration.

Accessing Zoho Vault logs from QRadar

To view all Zoho Vault audit logs in QRadar:
  1. Log in to your QRadar account.
  2. In the search bar, enter the log name you previously set to find the Zoho Vault logs.