IBM Support

QRadar: Security issues (PSIRT), vulnerabilities, and support policies

Question & Answer


Question

This article informs administrators about QRadar® Support policies and outlines the out-of-scope work for QRadar product security issues (PSIRT) cases and the responsibilities of the QRadar administrator. 

Answer

Responsibilities for Security issues (PSIRT)

QRadar® frequently sends out notifications of security issues after a fix is implemented and the issue remediated. This article explains what assistance can be provided by QRadar Support to administrators for product security issues.

Support type Description Responsibility
Security issues (PSIRT) assistance and error support
Administrators can use QRadar technical support to assist administrators with product security issues. For example, QRadar Support can:
  1. Confirm whether a CVE from an external scan is mitigated in a specific software release. For example, a scan of QRadar reports a product security issue (PSIRT) with a CVE. A Severity 3 case can be opened to confirm whether a QRadar software update is available.
  2. Answer questions or clarify basic information from IBM published security bulletins. Given their sensitive nature, IBM Security Bulletins do not include detailed vulnerability exploitation information. QRadar Support representatives cannot provide exploit information or security impact of specific CVEs.
  3. Help users confirm QRadar software is code signed by IBM. For more information, see https://ibm.biz/qradarcodesigning.
  4. Questions related to third-party application vulnerabilities you discover can be reported to IBM in a QRadar Support case. Administrators must start with the support contact for the application, but IBM can act as an intermediary, if required, to contact an IBM Business Partner. For more information, see Third-party applications and support policies.
  5. Assist users to download fix packs from IBM Fix Central or answer upgrade path questions. For more information about software upgrades, see Software update cases and support policies.
 QRadar technical support

To open a case or report Security issues (PSIRT), contact QRadar technical support
Out-of-scope for QRadar Support
The following activities are considered out-of-scope for technical support. Support reserves the right to close cases related to the following issues:
 
  • Requests to apply non-IBM software to mitigate a security issue.
  • Requests for exploit information or questions on how to use exploits against QRadar software. Given the sensitive nature of disclosed CVEs, IBM Security Bulletins do not include detailed vulnerability exploitation information. QRadar Support representatives cannot provide exploit information or security impact of specific CVEs.
  • Answer questions related to HackerOne submissions.
  • Cases to report a potential vulnerability you discovered. All vulnerability reporting must be completed through HackerOne or to the IBM PSIRT team (psirt@us.ibm.com).
  • Administrators

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
18 May 2022

UID

ibm16491935

Page Feedback