IBM Support

QRadar: Offenses and support policies

Question & Answer


This article informs administrators about QRadar® Support policies. This document outlines out-of-scope work for Offense cleanup cases and the responsibilities of the QRadar administrator. 


Responsibilities for Offense cases

Administrators might have instances where they are receiving too many offenses or having performance issues due to their number of offenses. This article addresses the responsibilities of the administrator and QRadar® support.

Support type Description Responsibility
Offenses assistance and error support
Administrators can use QRadar technical support to assist administrators with Offenses.
For example, QRadar Support can:
  • Assist administrators to investigate an offense that is not firing.
  • Investigate offense issues or errors in QRadar logs.
  • Take cases when performance issues result from rules or offenses.
  • Troubleshoot issues where rules fail to fire due to the Custom Rules Engine.
  • Troubleshoot performance degradation caused by excessive numbers of offenses.
QRadar technical support

To open a case or report an offense error, contact QRadar technical support
Out-of-scope for QRadar Support
The following activities are considered out-of-scope for technical support. QRadar Support reserves the right to close cases related to the following issues:
  1. Creating rules for customers.
  2. Creating or modifying searches for offenses.
  3. Tuning your offense model
  4.  Creating the search criteria for historical correlation.
  5. Recover offenses that are missing due to performance issues or events bypassing Custom Rules Engine.
  6. Perform a Clean SIM or purge offense data in the customer behalf. 
  7. Restore offenses.
  8. Assist customers with investigation of offenses.
  9. Updating or tuning the Network Hierarchy.

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
14 December 2021