News
Abstract
IBM QRadar Support is notifying administrators about the case policy for Severity 1 reported issues to allow support representatives to reduce and change the severity of a case when certain conditions are met. Severity 1 cases are intended for critical business issues or production system failures. Users who have Severity 1 issues triaged, systems restored, or initial mitigations in place can receive requests from support to downgrade the case severity. This technical note outlines the Severity 1 case policy for all QRadar users.
Content
Changes to QRadar Support's Severity 1 policy
IBM reserves the right to communicate and downgrade case severity where functionality is restored, but noncritical issues exist from Severity 1 to an appropriate level, such as 2, 3, or 4. The goal of this policy is to inform users that support representatives might reduce severity during an investigation to assist users and organize critical issues. It is important to clearly communication how your case impacts your business for QRadar Support to triage your case and understand the urgency and severity of the issue.
- Unresponsive requests to work on your Severity 1 case. For more information, see Support policy for IBM Security products when the client in a Severity 1 issue does not respond.
Note: QRadar Support works with users 24 hours a day, seven days a week to resolve Severity 1 critical issues, provided you have a technical resource available to work during those hours. If you are unresponsive to multiple contact requests, your case severity can be downgraded. Adding contact information for other team members in your case notes can help prevent communication issues.
- A workaround is in place and the critical business impact is mitigated.
- An APAR or known issue is provided and continued work is required, but the system is functional.
Can I restore the severity of my case
Yes, users who believe the severity is set incorrectly can update their case and provide a note to the support representative. In the past, QRadar Support advised users to upgrade their case severity when urgent assistance was required or to escalate a case. The need to raise severity is no longer required as an Escalate case button is available in the IBM Support Portal.
Procedure
- Navigate to the IBM Support Portal to view your open cases.
- Log in with your IBMid.
- Select an open case.
- In the Severity field, click the Edit icon.
Note: If you need to escalate your issue, use the Escalate case button. - Select a severity and click Save.
- In the Case history field, add a note to inform your support representative and click Add comment.
Results
The case severity is updated. The support representative is alerted that your case is updated and might request further information.
Can I exclude my cases from severity adjustments
No, there is no method to apply an exclusion to an account as each case is triage and negotiated with users separately. If an administrator disagrees with the support representative, they can adjust the severity of the case and add a note for the support representative. If you experience issues with a case downgrade or if you are unhappy with QRadar Support, you can request a Duty Manager to talk to a manager within the support organization.
QRadar list of issues by severity
When a user opens a case the severity level is set, but the severity of a case can be adjusted during the life of the case as more information becomes available. The following is a list of severity levels with a definition. Severity 1 issues are typically reserved for production system down or critical outages.
| Severity | Business Impact | Detailed description |
|---|---|---|
| 1 | Critical | System or Service Down Business critical functionality is inoperable or a critical interface has failed. This usually applies to a production environment and indicates an inability to access products or services resulting in a critical impact on operations. This condition requires an immediate solution. Note: We will work with you 24 hours a day, seven days a week to resolve Severity 1 problems provided you have a technical resource available to work during those hours. You must reasonably assist IBM with any problem diagnosis and resolution. For IBM Cloud services, you must log a Service Down case within 24 hours of first becoming aware that there is a critical business impact and the Cloud service is not available. |
| 2 | Significant | A product, service, business feature, or function of the product or service is severely restricted in its use, or you are in jeopardy of missing business deadlines. |
| 3 | Some | The product, service, or functionality is usable and the issue does not represent a significant impact on operations. |
| 4 | Minimal | An inquiry or non-technical request. |
Are all open cases receiving severity changes
No. Open cases evolve over time during an investigation and the severity of an issue can change over time. IBM is NOT globally downgrading Severity 1 open cases. We understand that each case is unique and severity is negotiated based on a number of factors. IBM is informing users with open cases that QRadar Support representatives might request an adjustment on case severity when they review the most current information available from development teams. If the severity of a case is adjusted, the QRadar Support team member is instructed to provide an update to describe the reason for the change in severity.
Was this topic helpful?
Document Information
Modified date:
27 July 2022
UID
ibm16495083