Transition backup server to Cortex XSOAR production server
in case of unrecoverable active server failure.
In the event of an active server failure where
the server cannot be restored (flooding, fire, meteor impact, hardware
failure, etc.), follow these steps to convert the backup server
to the new production server and then configure a new backup server.
- In a multi-tenant deployment, each machine (main account and host
machines) has its own backup server. You can switch from the production
server to the backup server for any or all of the machines in your
If your analysts use a single, pivoting host name to
connect to the active Cortex XSOAR server, update your DNS record
to re-point your Cortex XSOAR server host name to the now active
server. For more information about host names, see Host Names, DNS, and Disaster Recovery.
engines, confirm that they are connected in
If they have not reconnected and you have confirmed that
network connectivity is good between the engine and the now active
(previously backup) server (i.e., it is reachable on TCP 443 or
the port you have configured), then follow the guidance in Host Names, DNS, and Disaster Recovery.
Obtain a new server environment according to your requirements.
the procedure for Configure the Live Backup Environment using your
now-active server as the primary host, and copying its files and
data to the newly-built Cortex XSOAR server. Confirm that Live Backup
If appropriate for your environment (this depends on whether
you want to remain on the present active node), transition the active
node over to the newly built host by following the procedure Transition an Active Server to Standby Mode, and confirm
that Live Backup is again operational.
If applicable, follow step 3 to reconfirm
that engines are connected.
Re-point your shared DNS record, if applicable, back
to the primary Cortex XSOAR server and have analysts reconnect.
Verify that Cortex XSOAR is working by confirming that
your integrations are working properly, incidents are being created
normally, and analysts can log in and work normally in Cortex XSOAR.
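
The DNS re-point and engine connectivity steps above can be checked from any engine host or analyst workstation with a short script. This is an added example, not part of the Cortex XSOAR documentation or product; the host name `xsoar.example.com`, the address `192.0.2.20` and all function names are constructed placeholders.

```python
"""Post-failover check: shared host name points at the active server and its port is open."""
import socket


def resolve_ipv4(hostname):
    """Return the sorted set of IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def port_reachable(address, port, timeout=3.0):
    """True if a TCP handshake to address:port completes within timeout seconds."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_failover(hostname, active_ip, port=443,
                   resolver=resolve_ipv4, probe=port_reachable):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    try:
        addresses = resolver(hostname)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"{hostname} does not resolve: {exc}"]
    stale = [a for a in addresses if a != active_ip]
    if active_ip not in addresses:
        problems.append(f"{hostname} resolves to {addresses}, not {active_ip}")
    elif stale:
        problems.append(f"{hostname} still also resolves to {stale}")
    if not probe(active_ip, port):
        problems.append(f"{active_ip} is not reachable on TCP {port}")
    return problems


if __name__ == "__main__":
    # Constructed values: replace with your shared host name and the
    # address of the now-active (previously backup) server.
    issues = check_failover("xsoar.example.com", "192.0.2.20", port=443)
    for issue in issues:
        print("FAIL:", issue)
    print("OK" if not issues else f"{len(issues)} problem(s) found")
```

Run it on the engine host itself as well as on a workstation: each machine has its own resolver cache, so a stale record can persist on one after the DNS change is visible on another.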