IBM Support

QRadar: Disabling built-in users or otherwise hardening QRadar

Question & Answer


Can you disable built-in users or otherwise harden the QRadar appliance?


Some users may want to disable built-in users or harden the system due to compliance and security policy concerns.


Disabling the root user for CLI access, disabling or deleting the admin account, modifying other backend accounts, changing of file owners or permission, and other such changes in the name of hardening the appliance are not supported. Making such changes to the appliance will likely result in the appliance not functioning properly and can require a factory reset in order to recover the system.

IBM regularly scans the system with several vendors on a very regular basis to ensure security compliance. If additional steps are required, the FIPS offering may also be considered.

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]

Document Information

Modified date:
03 October 2023