IBM Support

QRadar: How to determine your case severity level



How do you determine which severity level is appropriate when creating or updating a case for QRadar Support?


A severity level is set when a new case is opened, but they can also be adjusted throughout the life of the case, as circumstances may change. The following is a list of severity levels with a definition and some examples of each, specific to the QRadar environment.

Severity 1

Critical impact/system down where there is a production system down issue. This has a critical impact on the environment and no workaround is available. Severity 1 cases are worked 7x24. If you are not available to work on this 7x24, it is recommended to lower the severity until you are available to actively troubleshoot the issue.


  • QRadar User Interface (UI) is not available
  • All event correlation is down
  • Appliance is unable to boot
  • Failed upgrade or patch
  • No Offenses being created system wide

Examples not considered severity 1:

  • An app is not working
  • One particular log source is not working or not parsing as expected
  • A secondary HA system is down but the primary is functioning
  • System performance issues not causing an outage

Severity 2

Significant business impact. Major functionality is impacted or significant performance degradation is experienced. This might also include time-sensitive requests or being in jeopardy of missing business deadlines.


  • Apps are failing to load
  • HA failed by primary device still active
  • Deployment failing
  • Performance impact effecting users

Severity 3

Some business impact. The software is usable with less significant features (not critical to operations) unavailable. A short-term workaround is in place.


  • Log source configuration
  • Searches are taking longer than normal to complete
  • Newly installed QRadar app is not working as expected

Severity 4

Minimal business impact. A critical software component is malfunctioning, causing minimal impact, or a non-technical request is made.


  • System requirements inquiries
  • Documentation issue
  • General product inquiries
  • Questions regarding a future hardware migration

Document information

More support for: IBM QRadar SIEM

Component: General Information

Software version: Version Independent

Operating system(s): Linux

Reference #: 2016147

Modified date: 25 February 2019