IBM Support

QRadar: Disabling built-in users or otherwise hardening QRadar

Question & Answer


Question

Can you disable built-in users or otherwise harden the QRadar appliance?

Cause

Some users may want to disable built-in users or harden the system due to compliance and security policy concerns.

Answer

Disabling the root user for CLI access, disabling or deleting the admin account, modifying other backend accounts, changing of file owners or permission, and other such changes in the name of hardening the appliance are not supported. Making such changes to the appliance will likely result in the appliance not functioning properly and can require a factory reset in order to recover the system.

IBM regularly scans the system with several vendors on a very regular basis to ensure security compliance. If additional steps are required, the FIPS offering may also be considered.

Where do you find more information?



[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Operating System","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21992154