How To
Summary
After an administrator removes a QRadar Incident Forensics appliance from the deployment, they might notice the Forensics icons remain in the Admin tab user interface. This article instructs the administrator how to request a license update to remove these user interface components.
Objective
To remove the QRadar Forensics icons from the Admin tab after Incident Forensics host is decommissioned and removed from the QRadar deployment.
Steps
To remove the QRadar Incident Forensics (QIF) icons you must apply a new Console license without the QRadar Incident Forensics component.
- The license key used to install QRadar Incident Forensics is a Console key that enables the Forensics tab and also shows Forensics icons:
- Email q1pd@us.ibm.com and request a new Console license key WITHOUT QRadar Incident Forensics (QIF).
For example:Hello q1dp@us.ibm.com. We have decommissioned our QRadar Incident forensics appliance. Could you send us a new license without a QIF enablement.
- Change the Display drop-down to Licenses.
- Click Upload License.
- Select the new License key without QIF enablement.
- Click Upload.
- Click the Console > click Allocate license.
- Click Deploy License.
- Log out of the QRadar UI and clear the browser cache.
Note: The Forensics Suspect Content Management icon is standard on all QRadar deployments and will be present on the Admin tab even if no Incident Forensics host is added.
Results
After you log back into the Console UI the icons for Server Management, Case Management, Forensics User Permissions, Schedule Actions are removed.
Additional Information
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSUK44","label":"IBM Security QRadar Incident Forensics"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
23 September 2020
UID
ibm10887447