Clear Users Data Using the CLI - Administrator Guide - 6.11 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
6.11
Creation date
2022-12-12
Last date published
2024-04-15
Category
Administrator Guide
Abstract

After removing a user from Cortex XSOAR, you can use the CLI to clear the user's data from the content that they have created, and replace them with another user.

After you Remove a User from Cortex XSOAR, although their personal details are deleted, you can also remove their data from the content that they have created. You can decide which user can replace the deleted user. You can run a command in the CLI or automate the process through a playbook or server configurations.

If running a command in the CLI or in a playbook, you must set the builtin.commands.hidden.clearUsersData server configuration to true, otherwise the command cannot run.

Note

  • When clearing users data, only active incidents and incidents are cleared. Incidents that have been closed are not changed.

  • Any invitation created by a deleted user is removed. If the deleted user is the invitee, the invite remains in the Invites table.

Before you begin, ensure you remove the user, otherwise you will receive an error message when using the CLI command.

  1. Create a list of users you want to remove.

    1. Select SettingsADVANCEDListsAdd a List.

    2. Add a name for the list.

    3. In the Content Type field, select Text.

    4. Add the names of the users.

      If adding multiple names use separate lines for each name.

    5. Add the permission level.

      For example, for Read Only, you may want only read-only users to be able to see the list but for Read and edit, you may want both analyst and administrator to be able to edit.

    6. Save the list.

  2. Add the following server configurations by going to SettingsABOUTTroubleshootingAdd Server Configuration.

    Key

    Description

    builtin.commands.hidden.clearUsersData

    Set to false to run the clearUserData command in the CLI and playbook. Default is true.

    server.mask.git.commits

    Set to true to remove the users data from the git commit version that the user created (version control). For an example of version control in a playbook, see Version Control.

    Default is false.

  3. In the CLI, run the following command.

    !clearUsersData listName=<name_of_list> username=replacement_username listClear=<true/false>

    Argument

    Description

    listName

    Name of the list you created in step 1.

    username

    The name of the replacement user. Default is admin.

    listClear

    Set to true to delete the list after the data is cleared. Default is false.

    The deleted user's name is removed and replaced with the user name that you have defined in the command.

In this example, we want to remove two users: A and B, and replace them with user K. We have already set up the server configurations.

  1. Remove users A and B.

  2. Create a list called deletedusers, which contains users A and B.

  3. Run the following command

    !clearUsersData username=K listName=deletedusers

    In the Playground, you should receive notification that the command finished successfully. Users A and B have been removed from the content and replaced by user K.