IBM® Security QRadar® EDR provides an action to generate an AES key that you can use to encrypt your data backups.
About this task
An AES key is used for symmetric encryption that meets AES standards. QRadar EDR supports AES-128 GCM, AES-192 GCM, and AES-256 GCM keys.
Procedure
- To ensure that the list of available cpctl actions is up to date, run the cpctl load command.
  The cpctl load command retrieves all available actions that can be run on QRadar EDR. The actions are cached to your local environment.
- Generate an AES key by typing one of the following commands.
  - To generate an AES-256 GCM key:
    cpctl tools generate_backup_aes_key --token "$(oc whoami -t)"
  - To generate an AES-192 GCM key:
    cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 24
  - To generate an AES-128 GCM key:
    cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 16
  The expected output is as follows:
cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 16
Executing playbook generate_backup_aes_key.yaml
- localhost on hosts: localhost -
Gathering Facts...
localhost ok
[Login] Validate...
[Login] Token...
localhost done | stdout:
[INFO] Logging in via token...
Fail if requested length is invalid...
Generate AES Key...
localhost ok
Ensure the directory exists for storing the key...
localhost done
Save the AES key to a file...
localhost done
Command to copy file...
localhost ok: {
"changed": false,
"msg": "On your terminal, extract the AES key by running the command: POD=$(oc get pod --no-headers -lrun=cp-serviceability | cut -d' ' -f1) && oc cp $POD:/tmp/backup_keys/aes_key.txt path/to/save/file/to\n"
}
Command to clean pod...
localhost ok: {
"changed": false,
"msg": "Remove the AES Key by running the command: oc exec $POD -- rm /tmp/backup_keys/aes_key.txt"
}
- Play recap -
localhost : ok=7 changed=3 unreachable=0 failed=0 rescued=0 ignored=0
You can retrieve the AES key by running the following command:
POD=$(oc get pod --no-headers -lrun=cp-serviceability | cut -d' ' -f1) && oc cp $POD:/tmp/backup_keys/aes_key.txt path/to/save/file/to
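
The retrieval and cleanup commands from the output above, combined into one helper that keeps the local key file owner-only and deletes the pod copy only after a non-empty local copy exists. This is an added example, not IBM's code; the function name fetch_backup_key and its destination argument are hypothetical, while the pod selector and key path are the ones printed by cpctl.

```shell
# Added example (not part of the product): fetch the generated backup key,
# restrict it to the current user, then remove the copy left in the pod.
# fetch_backup_key and DEST_FILE are hypothetical names; the pod selector
# and the in-pod key path are taken from the cpctl output.

KEY_IN_POD=/tmp/backup_keys/aes_key.txt

fetch_backup_key() {
  dest=$1
  [ -n "$dest" ] || { echo "usage: fetch_backup_key DEST_FILE" >&2; return 2; }

  # Refuse to overwrite an existing key file: replacing the key would leave
  # backups that were encrypted with the old one unreadable.
  [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 1; }

  pod=$(oc get pod --no-headers -lrun=cp-serviceability | cut -d' ' -f1)
  [ -n "$pod" ] || { echo "cp-serviceability pod not found" >&2; return 1; }

  # Copy under a restrictive umask so the file is never group/world readable,
  # then set the mode explicitly in case the copy preserved the pod's mode.
  ( umask 077 && oc cp "$pod:$KEY_IN_POD" "$dest" ) || return 1
  chmod 600 "$dest" || return 1

  # Delete the pod copy only once a non-empty local copy exists; otherwise
  # the key stays in the pod so the copy can be retried.
  [ -s "$dest" ] || { echo "local copy is empty; pod copy kept" >&2; return 1; }
  oc exec "$pod" -- rm "$KEY_IN_POD"
}
```

Call it as `fetch_backup_key path/to/save/file/to` from a session that is already logged in with oc.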