IBM Support

QRadar: How to determine your case severity level

Question/Answer


Question

How do you determine which severity level is appropriate when creating or updating a case for QRadar Support?

Answer

A severity level is set when a new case is opened, but it can be adjusted throughout the life of the case as circumstances change. The following list defines each severity level and gives examples specific to the QRadar environment.

Severity 1

Critical impact/system down: a production system is down. This has a critical impact on the environment and no workaround is available. Severity 1 cases are worked 7x24. If you are not available to work on the case 7x24, it is recommended to lower the severity until you are available to actively troubleshoot the issue.

Examples:

  • QRadar User Interface (UI) is not available
  • All event correlation is down
  • Appliance is unable to boot
  • Failed upgrade or patch
  • No Offenses being created system wide


Examples not considered severity 1:

  • An app is not working
  • One particular log source is not working or not parsing as expected
  • A secondary HA system is down but the primary is functioning
  • System performance issues not causing an outage


Severity 2

Significant business impact. Major functionality is impacted or significant performance degradation is experienced. This might also include time-sensitive requests or being in jeopardy of missing business deadlines.

Examples:

  • Apps are failing to load
  • HA failed but primary device still active
  • Deployment failing
  • Performance impact affecting users


Severity 3

Some business impact. The software is usable with less significant features (not critical to operations) unavailable. A short-term workaround is in place.

Examples:

  • Log source configuration
  • Searches are taking longer than normal to complete
  • Newly installed QRadar app is not working as expected


Severity 4

Minimal business impact. A critical software component is malfunctioning, causing minimal impact, or a non-technical request is made.

Examples:

  • System requirements inquiries
  • Documentation issue
  • General product inquiries
  • Questions regarding a future hardware migration

Document information

More support for: IBM QRadar SIEM

Component: General Information

Software version: Version Independent

Operating system(s): Linux

Reference #: 2016147

Modified date: 25 February 2019