QRadar: How to determine your case severity level
How do you determine which severity level is appropriate when creating or updating a case for QRadar Support?
A severity level is set when a new case is opened, but it can be adjusted throughout the life of the case as circumstances change. The following is a list of severity levels with a definition and some examples of each, specific to the QRadar environment.
Critical impact/system down: a production system is down. This has a critical impact on the environment and no workaround is available. Severity 1 cases are worked 7x24. If you are not available to work on the case 7x24, it is recommended to lower the severity until you are available to actively troubleshoot the issue.
- QRadar User Interface (UI) is not available
- All event correlation is down
- Appliance is unable to boot
- Failed upgrade or patch
- No Offenses being created system wide
Examples not considered severity 1:
- An app is not working
- One particular log source is not working or not parsing as expected
- A secondary HA system is down but the primary is functioning
- System performance issues not causing an outage
Significant business impact. Major functionality is impacted or significant performance degradation is experienced. This might also include time-sensitive requests or being in jeopardy of missing business deadlines.
- Apps are failing to load
- HA failed but primary device still active
- Deployment failing
- Performance impact affecting users
Some business impact. The software is usable with less significant features (not critical to operations) unavailable. A short-term workaround is in place.
- Log source configuration
- Searches are taking longer than normal to complete
- Newly installed QRadar app is not working as expected
Minimal business impact. A critical software component is malfunctioning, causing minimal impact, or a non-technical request is made.
- System requirements inquiries
- Documentation issue
- General product inquiries
- Questions regarding a future hardware migration
Component: General Information
Software version: Version Independent
Operating system(s): Linux
Reference #: 2016147
Modified date: 25 February 2019