
Incident response - Clearing the database

In some cases it becomes necessary to clear the incident response database. Reasons for this include:

  • Poorly configured or “noisy” alerts that created a large influx of the same event

  • The database needs to be reset annually

  • Corruption

NOTE: For the example below, the namespace used is tenant1

The steps to perform this activity are:

  1. Scale down incident response

    kubectl -n tenant1 scale sts tenant1-thehive --replicas=0
  2. Open a shell in the database pod

    kubectl -n tenant1 exec -it tenant1-scylla-0 -- bash
  3. Type cqlsh and press [ENTER]

  4. Type the line below and then press [ENTER]

    drop keyspace thehive;
  5. Type exit and press [ENTER]

  6. Press [CTRL]+[D]

  7. Scale up incident response

    kubectl -n tenant1 scale sts tenant1-thehive --replicas=1
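
The same procedure as a non-interactive script, added here as an example and not part of the original documentation. It assumes the StatefulSet, pod and keyspace names follow the tenant1 pattern above; the wait for pod deletion, the optional `nodetool snapshot` and the `KUBECTL` override are additions that the steps above do not include.

```bash
#!/usr/bin/env bash
# Added example: the seven steps above as one non-interactive function.
# Assumption: resources follow the page's tenant1 naming pattern
# (<ns>-thehive StatefulSet, <ns>-scylla-0 pod, keyspace "thehive").

KUBECTL="${KUBECTL:-kubectl}"   # overridable so the flow can be rehearsed with a stub

clear_ir_database() {
  local ns="$1" sts="$1-thehive" db="$1-scylla-0"
  [ -n "$ns" ] || { echo "usage: clear_ir_database <namespace>" >&2; return 2; }

  # Step 1: stop incident response and wait until its pod is really gone,
  # so nothing is still connected while the keyspace is dropped.
  "$KUBECTL" -n "$ns" scale sts "$sts" --replicas=0 || return 1
  "$KUBECTL" -n "$ns" wait --for=delete "pod/$sts-0" --timeout=180s || return 1

  # Extra step (not in the procedure above): keep an on-disk snapshot of the
  # case data before it is destroyed. Set SNAPSHOT=0 to skip it.
  if [ "${SNAPSHOT:-1}" = 1 ]; then
    "$KUBECTL" -n "$ns" exec "$db" -- \
      nodetool snapshot -t "pre-clear-$(date +%Y%m%d%H%M%S)" thehive || return 1
  fi

  # Steps 2-6: run the CQL statement without an interactive shell.
  # On failure, return with incident response still scaled down so the
  # database can be inspected before anything reconnects to it.
  "$KUBECTL" -n "$ns" exec "$db" -- cqlsh -e 'drop keyspace thehive;' || return 1

  # Step 7: start incident response again and wait for the rollout.
  "$KUBECTL" -n "$ns" scale sts "$sts" --replicas=1 || return 1
  "$KUBECTL" -n "$ns" rollout status "sts/$sts" --timeout=300s
}

# Run only when asked to: ./clear-ir-db.sh --run tenant1
if [ "${1:-}" = "--run" ]; then clear_ir_database "${2:-}"; fi
```

Snapshots taken this way stay on the database node's disk until they are removed with `nodetool clearsnapshot`.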
