Question & Answer
Question
Can you disable built-in users or otherwise harden the QRadar appliance?
Cause
Some users may want to disable built-in users or harden the system due to compliance and security policy concerns.
Answer
Disabling the root user for CLI access, disabling or deleting the admin account, modifying other backend accounts, changing of file owners or permission, and other such changes in the name of hardening the appliance are not supported. Making such changes to the appliance will likely result in the appliance not functioning properly and can require a factory reset in order to recover the system.
IBM regularly scans the system with several vendors on a very regular basis to ensure security compliance. If additional steps are required, the FIPS offering may also be considered.
IBM regularly scans the system with several vendors on a very regular basis to ensure security compliance. If additional steps are required, the FIPS offering may also be considered.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
03 October 2023
UID
swg21992154