IBM Support

QRadar: Network issues and support policies

Question & Answer


Question

QRadar Support can assist administrators with network issues to confirm that appliances can communicate across the network and receive data as expected. This document outlines supported troubleshooting and out-of-scope work where network issues are due to external infrastructure, which must be resolved by the QRadar administrator. 

Answer

Responsibilities for external networking infrastructures issues

QRadar® as a product interacts with various infrastructures like:

  • Virtual or physical machines: Various QRadar® components are installed on these machines and interact together to create a complete SIEM solution.
  • Networks: QRadar® components heavily rely on the underlying network to receive data and distribute configuration information.
  • Storage devices: Data, configuration, and backups are all stored on various storage devices.
Support type Description Responsibility
External networking infrastructures support
QRadar® Support can assist with error messages or confirm network functionality or interfaces are collecting data on QRadar appliances. For example, QRadar Support can:
 
  • Confirm QRadar® appliances can receive event or flow data and that the interfaces are up and running.
  • Review logs or error messages from QRadar utilities used to update IP addresses or setup network parameters, such as qchange_netsetup.
  • Confirm open ports or answer port and communication questions for administrators.
  • Troubleshoot network issues up to the point where external infrastructure, such as a proxy server are confirmed as the cause of the communication error. QRadar Support can troubleshoot errors and connection issues, but cannot provide guidance on undocumented configurations for network devices.
  • QRadar network connections include bandwidth requirements for some features to perform properly. Administrators with issues around these product areas must confirm bandwidth before you create HA pairs or add appliances in remote networks to ensure deploys complete successfully.

    Resources:
    - High Availability requirements
    - Deploys requirements
    - Data Gateway bandwidth requirements for QRadar on Cloud
 QRadar® technical support

To open a case or report an external networking infrastructures error, contact QRadar technical support.
Out-of-scope for QRadar Support
The following topics are considered out-of-scope for technical support. QRadar Support reserves the right to close cases related to the following issues:
 
  • Configuring, maintaining, performance tuning, and troubleshooting non-QRadar appliance infrastructure are the responsibility of the corporate network administration team. QRadar Support does not:
    • Design or provide advice on undocumented storage solutions.
    • Configuring proxies or advising on network security tuning for administrators.
    • Advise on security policy or backup procedures for undocumented storage configurations or assist with audit compliance.
    • Validating bandwidth or network infrastructure speed for administrators.

Resources:

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
25 June 2021

UID

ibm16428223

Page Feedback