IBM Support

QRadar Configuration advice, best practices endorsements and support policies

Question & Answer


This article informs administrators about QRadar® Support policies and outlines out-of-scope work on custom configurations, best practices, and responsibilities of the QRadar administrator. 


Responsibilities for configuration advice and best practices

Best practices and custom configurations not documented for QRadar are not a function of the QRadar Support team. The role of QRadar Support is to validate functional issues, review errors, and fix or report product issues to development teams.

Support type Description Responsibility
Configuration advice, best practices, and support
QRadar® Support can assist with error messages or confirm product functionality when documented by IBM. QRadar Support can:
  1. Review functionality where a documented feature stops functioning or generates errors.
    • Log Sources that parsed correctly, but categorize events as 'Unknown' or 'Stored' after an official IBM DSM update. 
    • Failure of an appliance to receive or search for received data after an appliance restart.
    • Authentication issues or errors where all users cannot log in to their QRadar Console.
    • User interface or data display issues reported by users on supported browsers.
  2. Help customers locate IBM Documentation to determine whether a use case or best practice information exists. Support can also investigate issues where IBM Documentation is incomplete or incorrect.
  3. Explain to users how to complete upgrade checklist steps to pretest an appliance before they start a software install, if they are unfamiliar or have questions.
QRadar technical support

To open a case or report an error, contact QRadar technical support.
Out-of-scope for QRadar Support
The following activities are considered out-of-scope for technical support. QRadar Support reserves the right to close cases related to the following issues:
  1. Requests to review or provide advice on license increases or adding hardware to a deployment.
  2. Recommending any hardware upgrades. For example, "If I upgrade disks to solid-state drives, what is the performance impact to my search?"
  3. DSM configurations not defined in IBM Documentation.
  4. Requests to review or provide advice on Network Hierarchy or Domain changes.
  5. Reviewing permissions defined for User Roles in QRadar.
  6. Recommendations or configurations for reference set data, third-party threat intelligence feeds, or time-to-live (TTL) for customer data within reference sets.
  7. Requests to review Log Source groups and organization.
  8. Training new staff to use QRadar®.
  9. Validating use cases or best practices from non-IBM sources, such as blogs or YouTube videos.

Resources for administrators:


Document Information

Modified date:
26 July 2022