IBM Support

QRadar: Maintenance scenerios and support policies

Question & Answer


Maintenance and custom modifications or general administrative tasks are not within the scope of QRadar Support. This article informs users about QRadar® Support policies related to maintenance, administration, or common tasks that are the responsibility of the QRadar user or administrator.


Responsibilities for maintenance and common administration tasks

Most maintenance or custom administration scenarios is defined as tasks that can be performed in the user interface or any customization that is outside of IBM Documentation for QRadar. If a configuration or process needs to be done that is not already outlined in our documentation, it is likely a custom configuration and not a product issue, such as adding cron jobs or modifying files. It is the responsibility of QRadar® technical support to troubleshoot and repair QRadar standard features, not resolve issues on custom modifications or complete common administrative tasks.

Support type Description Responsibility
Custom scenarios and support
QRadar® Support can assist with error messages or confirm product functionality issues. For example, QRadar Support can:
  1. Resolve errors or assist with log source issues for supported Device Support Modules (DSMs).
  2. Troubleshoot Auto Update issues.
  3. Validate and troubleshoot authentication and log in errors.
  4. Verify and troubleshoot software errors or user interface problems related to QRadar features, such as:
    • Domain management
    • Network Hierarchy
    • Reference Sets
    • Routing Rules and destinations
    • WinCollect agents
    • IBM developed applications, such as the Log Source Management App.
  5. Troubleshoot features outlined in IBM Documentation that do not work as specified.
QRadar technical support

To open a case or report an error, contact QRadar technical support.
Out-of-scope for QRadar Support The following topics are considered out-of-scope for technical support. QRadar Support reserves the right to close cases related to the following issues:
  1. Removing event or flow data other than what is configured within your retention buckets.
  2. Administrators who request QRadar Support to open ports, update iptables, or add cron jobs to appliances. Note: Exceptions are granted to QRadar on Cloud users where certain changes require a support case. For more information, see QRadar on Cloud work items that require a support ticket.
  3. Requests for cases to modify files or implement workarounds for functionality that is not included in IBM Documentation.
  4. Modifying the user interface.
  5. Creating custom scripts to accomplish tasks for administrators.
  6. Requests to update or manage the QRadar deployment, such as:
    • Clean up of unused log sources
    • Adding and configuring managed hosts for administrators when no errors are reported
    • Reference sets data review, clean up, or maintenance
    • Requests to monitor disk space, delete data, or move data between QRadar appliances
    • Performing Network Hierarchy updates for administrators
    • Requests to test functioning log sources for audit purposes or data validation
    • Create static routes
    • Maintain or update IP addresses or complete DNS changes for administrators
    • Rule maintenance
    • Custom Event Properties (CEP) updates or maintenance
    • Schedule, modify reports, or update report layout for administrators
    • Removing WinCollect agents or updating WinCollect configuration parameters in the user interface. For example, "I need to update the heartbeat interface on the following WinCollect agents." 
  7. Troubleshooting issues implemented by third-party vendors or implemented by the Security Experts Labs.

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
28 June 2021