IBM Support

Deleted Data Sources in DE & TII Still Show in the UI

Troubleshooting


Problem

Deleting data source configurations in Cloud Pak for Security (CP4S) still shows in the User Interface (UI) for a Data Explorer search or TII scan.

Symptom

The CP4S UI shows data sources that were previously deleted in the Connections page in both Data Explorer and Threat Intelligence Insights scans.

Cause

Deleted data source connections result in leftover configurations that result in the user interface showing them in data explorer and threat intelligence insights.

Resolving The Problem

  1. Log in to the CP4S environment by using the oc command where openshift_token and openshift_api_url are replaced by the login command credentials: 
                oc login --token=<openshift_token> --server=<openshift_api_url>
  2. Use the oc command to verify that the couchdb service is running. Port-forward the default-couchdbcluster service: 
                oc get svc | grep couchdb

            c-default-couchdbcluster-m                         ClusterIP   None             <none>        9100/TCP                                          3d23h
            default-couchdbcluster                             ClusterIP   127.0.0.1    <none>        443/TCP                                           3d23h

            oc port-forward svc/default-couchdbcluster 9000:443
    NOTE: The port 9000 can be changed to an unused port on your local machine.
  3. Record the password and username used for the default-couchdbcluster service the decode it: 
                oc get secret couch-secret-default -o json
            (............)
            {
                "apiVersion": "v1",
                "data":

            {         "password": "AAAABBBCCC==",         "username": "AABBCC="     }
            ,
            (............)

            echo AAAABBBCCC== | base64 -D

            echo AABBCC= | base64 -D
    NOTE: Password  and user name displayed are examples. The output produced in production environments are different.
  4. Open a browser and type the following address https://localhost:9000/_utils/ into the address bar. It requests the username and password from step 3.
  5. Scroll down the page and click >> arrow to navigate to the second page or click 2
    Click the arrow or number 2 on the page
  6. Find the uds-ds-connections and uds-ds-configurations tables. Click both to locate keys that are remaining in the tables.
  7. Click the connections table.
  8. Select the account ID key we want to delete.
  9. Click delete.
  10. For UI to refresh, add new connector and only the expected Data Source are there now.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"ARM Category":[{"code":"a8m0z0000001h8kAAA","label":"Data Explorer"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.9.0"}]

Document Information

Modified date:
13 May 2022

UID

ibm16556482

Page Feedback