Back Up a Tenant - Multi-Tenant Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-29
Last date published
2023-02-09
End_of_Life
EoL
Category
Multi-Tenant Guide

With Cortex XSOAR, you can perform both automated and manual backups, which store the entire database of incidents, playbooks, scripts, and user defined configurations. Cortex XSOAR stores daily, weekly, and monthly backup files. As of Cortex XSOAR version 6.1, any XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up the contents of your Elasticsearch database, follow the instructions in the Elasticsearch documentation.

You can define whether you want Cortex XSOAR to create automatic backups, and the location to store the backups. The default directory for tenant database backup files is /var/lib/demisto/tenants/acc_{TENANT_NAME}/backup. In addition to automated backups, manual backups are recommended before doing server operations and maintenance work. We also recommend you set up backups for additional Cortex XSOAR folders listed in Step 3, scheduled for off-peak hours, using your standard backup tools.

  1. Create a manual backup, before server operations or maintenance work.

    1. Stop the tenant process.

      Go to SettingsAccount MangementAccounts, select the tenant account, and click Stop.

    2. Create the backup file. The default data directory for a specific tenant is /var/lib/demisto/tenants/acc_{TENANT_NAME}/data.

      tar -czvf archive.tar.gz /var/lib/demisto/tenants/acc_{TENANT_NAME}/data

      The backup of the database directory should not be stored under /var/lib/demisto/tenants/acc_{TENANT_NAME}.

  2. Configure automated database backups.

    1. Select SettingsADVANCEDBackups.

    2. Check that Automated Backups are enabled.

    3. Backups Directory - option to change where backups are stored.

    4. Backup Time - option to change the scheduled time for daily backups.

    5. Define the maximum number of daily, weekly, and monthly backups to store.

  3. Backup additional directories.

    The following directories must be backed up manually:

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/artifacts

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/attachments

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/images

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/d2_server.key

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/tools

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/versionControlRepo

    • /usr/local/demisto

    • /etc/demisto.conf