IBM Support

QRadar EDR: Third-party software and case policies

Question & Answer


Question

This article informs administrators about QRadar® EDR Support policies. Third-party software such as Antimalware, Antivirus, RPM packages and utilities not tested by IBM can affect QRadar EDR agent functionality, upgrades, performance issues or the ability for the software to collect data. This document outlines the use, support policy, and responsibilities of the administrators for third-party software. 

Answer

Responsibilities for third-party software

QRadar EDR is designed and developed specifically to support its intended functions and contains software packages, which are tested and verified by IBM quality teams to ensure compatibility. Deploying QRadar EDR alongside existing antivirus, antimalware solutions is discouraged as it can cause technical issues. Any such configurations should be thoroughly tested before going into production. 

Support type Description Responsibility
Third-party software support  
QRadar EDR Support can investigate errors related to: 
  1. Data issues or errors where the QRadar EDR hive server is configured to forward data to third-party security products, such as other SIEM appliances. For more information, see IBM Security QRadar EDR.
 QRadar EDR technical support.

To open a case with supported integrations, contact QRadar EDR technical support.
Out-of-scope for QRadar EDR Support

The following topics are considered out-of-scope for technical support. QRadar EDR Support reserves the right to close cases related to the following issues:
  1. Installation of any packages that are not available out-of-the-box, such as specific dkms packages not supplied by IBM.
  2. Third-party encryption tools or RPMs that modify, real-time encrypt, or obfuscate data on appliances.
  3. Enquiries related to license purchase, renewals  or any type of sales support.
  4. Deployment of On-Prem EDR hive server, unless there are issues with underlaying OCP or QRadar EDR.
  5. QRadar EDR Maintainence operation such as dashboard management, alert analysis etc.
  6. Installing third-party RPMs, such as monitoring agents or antivirus software.
  7. Third-party scripts provided from GitHub resources not owned or maintained by IBM.
  8. Content packs that are developed and supported by IBM Business Partners who provide content packs on the X-Force® App Exchange website. QRadar EDR Support does not validate API calls or functionality for content packs not developed by IBM. 
Resources:
  • Troubleshooting or guidance might be available from QRadar EDR Support technical notes.
  • Community-based assistance can be provided from the QRadar Forums.

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSOO77","label":"IBM Security QRadar EDR"},"ARM Category":[{"code":"a8m3p000000PCPsAAO","label":"Support"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
20 November 2024

UID

ibm17108931

Page Feedback