Anomaly Detection Engine generates a huge number of events

To resolve this issue, first manually delete ALL ADE rules from the PSQL database. To find them, access the API from the user interface, head to “Analytics” and then to “ADE rules”. Grab all of the IDs returned by that API endpoint, then access the QRadar console.

Run the following command once for each ADE rule ID you got from the previous step (XXX is the rule ID):
psql -U qradar -c "delete from custom_rule where id=XXX;"

After that:
psql -U qradar -c "update global_views set deleted='t' where id in (select id from global_views where data_type='SENTRY' and deleted='f');"

After that:
service hostcontext stop
service tomcat stop
service tomcat start
service hostcontext start

systemctl restart ecs-ep
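
Added example, not part of the original instructions: a shell helper for the per-ID delete step above. It assumes the IDs from the API were saved one per line in a file (the file names are hypothetical), rejects anything that is not a plain integer, and wraps the deletes in one transaction (an addition to the procedure) so the batch can be reviewed before it is run.

```shell
#!/bin/sh
# Added example: build one reviewable SQL batch from the ADE rule IDs
# instead of typing a psql command per ID.
# Assumed usage (file names are hypothetical):
#   build_ade_delete_sql < ade_rule_ids.txt > delete_ade_rules.sql
#   psql -U qradar -f delete_ade_rules.sql     # after reviewing the file

# Reads rule IDs on stdin (one per line) and prints a transaction with one
# DELETE per unique ID. Nothing is printed if any line is not a plain
# integer, so pasted JSON or stray text never reaches the database.
build_ade_delete_sql() {
    ids=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop spaces, tabs and carriage returns left over from copy/paste.
        id=$(printf '%s' "$line" | tr -d '[:space:]')
        if [ -z "$id" ]; then
            continue
        fi
        case "$id" in
            *[!0-9]*)
                echo "rejecting non-numeric ID: $id" >&2
                return 1
                ;;
        esac
        case " $ids " in
            *" $id "*) continue ;;   # skip duplicates
        esac
        ids="$ids $id"
    done
    if [ -z "$ids" ]; then
        echo "no rule IDs supplied" >&2
        return 1
    fi
    echo "BEGIN;"
    for id in $ids; do
        echo "delete from custom_rule where id=$id;"
    done
    echo "COMMIT;"
}

# Constructed sample IDs (not real rule IDs); this only prints the SQL.
printf '100123\n100124\n100123\n' | build_ade_delete_sql
```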