IBM Support

QRadar: Decommissioning a QRadar appliance

Question & Answer


Question

How do you decommission a QRadar appliance?

Cause

QRadar appliance data might be of a sensitive nature. If you want to erase all data securely, it is necessary to erase data on the drives by using the WIPE option.

Answer

Erase the data of a QRadar appliance that is being decommissioned:
  1. Restart the QRadar system:
    reboot
  2. When the system tries to boot into the boot partition, select Factory re-install [QRadar *******] instead of Normal System, where ******* is the QRadar version image present on the system.

  3. When the WARNING blue screen is presented, you can do the following:

    To reinstall QRadar type FLATTEN.
    To perform a full disk erasure type WIPE.

    Note: In most cases, the wipe process takes a long time and there is no way to tell the wipe has completed. We recommend rebooting; if the system fails to start, the wipe was successful.

What erasure method does QRadar use when using the WIPE option?

We use the shred command. For more information, see the documentation on the shred utility.

By default we use five iterations but it is customizable up to 50 in the Wipe prompt. We also use the -z option, and we run the tool on all partitions we find in /proc/partitions matching this string:
 
PARTS=`cat /proc/partitions | egrep " sd[a-z][1-8] | hd[a-z][1-8]" | tr -s " " | cut -d" " -f5 | sort -ru | grep -v 6`
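
Because shred runs with the -z option, its last pass writes zeros, so a partition that was wiped completely reads back as all zero bytes. The following check is an added example, not part of IBM's procedure or QRadar's code; it assumes the drives are inspected from a separate rescue environment, and the function names and device paths are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM code): confirm that a shred -z target reads as all zeros.

# Print the size in bytes of a block device or regular file; nothing otherwise.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1" 2>/dev/null
    elif [ -f "$1" ]; then
        wc -c < "$1" | tr -d ' '
    fi
}

# Return 0 if every byte of $1 is zero, 1 if any byte differs,
# 2 if the target is missing, unreadable, or empty.
is_zeroed() {
    size=$(target_size "$1") || return 2
    [ -n "$size" ] && [ -r "$1" ] || return 2
    # An empty target proves nothing about a wipe, so do not report success.
    [ "$size" -gt 0 ] || return 2
    # /dev/zero never ends, so cmp -n limits the comparison to the target's length.
    cmp -s -n "$size" "$1" /dev/zero && return 0
    return 1
}

# Print one verdict per target; return non-zero if any target is not fully zeroed.
verify_wipe() {
    rc=0
    for t in "$@"; do
        if is_zeroed "$t"; then st=0; else st=$?; fi
        case $st in
            0) echo "ZEROED     $t" ;;
            1) echo "DATA FOUND $t"; rc=1 ;;
            *) echo "UNREADABLE $t"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage from a rescue environment (device names are placeholders):
#   verify_wipe /dev/sda1 /dev/sda2
```

A DATA FOUND verdict means the final zero pass did not cover that partition, for example because the wipe was interrupted before it finished.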


Document Information

Modified date:
09 August 2022

UID

swg21991766