IBM Support

QRadar: Case definition

Question & Answer


What is a case and what is it used for?


A case is used to track a question, feedback, or an issue with your QRadar environment. All data collection, troubleshooting, and resolution is documented within the case.

Each case is used to track a unique question or issue. Whenever the situation changes, a new case needs to be created. For example, you are working a case where you are not getting events from a Cisco log source on your Event Collector. While you are working this issue with support, you discover that the UI stopped functioning on your QRadar Console. As these two things are unrelated, a new case needs to be created for the UI issue. The log source issue is worked separately, and both cases are worked independently until resolution. A support engineer can assist you in creating a new case, if needed.

Note: Previously, a PMR (Problem Management Record) was used for this. However, PMRs are no longer being used as cases are now in use.

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General Information","Platform":[{"code":"PF016","label":"Linux"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
09 July 2018