Archive Artifacts and Attachments - Administrator Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide

It is recommended to archive artifacts and attachments to facilitate migration and data recovery processes.

Locate the folders that reside in the following location (where Cortex XSOAR is installed), /var/lib/demisto/artifacts/ and /var/lib/demisto/attachments/.

Note

Although the folders reside in /var/lib/demisto/artifacts/ and /var/lib/demisto/attachments/, DO NOT save the backup folders under /var/lib/demisto/.

Follow these steps to create artifact and attachment archive folders.

  1. Stop the Cortex XSOAR service using the following command.

    $ sudo service demisto stop

  2. Create directories to hold the archived artifacts and attachments. For example:

    mkdir -p /var/lib/demisto-archive/artifacts

    mkdir -p /var/lib/demisto-archive/attachments

  3. Navigate to the /var/lib/demisto-archive/ folder.

    cd /var/lib/demisto-archive/

  4. Find the artifacts and attachments you want to save and compress in the archive directories. For example, the following commands archive artifacts and attachments that are older than 250 days.

    For artifacts:

    find /var/lib/demisto/artifacts -type f -mtime +250 | xargs -I% sh -c 'tar -rvf artifacts/artifactsArchive.tar.gz % && rm %'

    For attachments:

    find /var/lib/demisto/attachments -type f -mtime +250 | xargs -I% sh -c 'tar -rvf attachments/attachmentsArchive.tar.gz % && rm %'

  5. Start the Cortex XSOAR service.

    $ sudo service demisto start