The Security Analytics system, either hardware or a VM, may need to be factory defaulted.
This applies to releases 8.X.X and later.
A re-install may be needed because the system was installed as a sensor when it was intended to be a CMC, or because you want to start over with new packets and metadata. It also works well for starting over with a clean slate if the user or rules configuration is no longer what was intended.
We do not have a factory reset feature but do have a re-install process which takes about an hour total. The clean install takes about 20 minutes for the actual process. It will take some time to download the ISO from the support portal and copy it to the system.
The fastest and easiest method to reinstall, if you have root access, is to use the command line method. This process will maintain the IP address, netmask, and gateway but remove all saved packets and metadata. It will also let you reassign the system from a sensor to a CMC or vice versa. The upgrade process itself requires 20-30 minutes.
To re-install a system from the command line:
Note: This will clear all packets, indexes, and configuration changes that exist on the system.
Configure the system as though it were new.
You can use the USB that came with the system or create a newer bootable USB using the procedures here:
How to create a USB install key for Security Analytics on Symantec S500 hardware
How to create a bootable USB install/upgrade key for Security Analytics on Dell hardware