Restore the database from a manual backup or automated
backup back up in Cortex XSOAR.
Cortex XSOAR automatically backs up the database.
If the database becomes corrupted or you need to revert to an earlier
version of your data, you can restore a database backup.
Cortex XSOAR v6.1 and later, any XSOAR service that uses the Elasticsearch
database no longer runs automatic backups. To back up or restore the
contents of your Elasticsearch database, follow the instructions
for Disaster Recovery for Elasticsearch.
Log out all users from Cortex XSOAR.
Stop the service.
sudo service demisto stop
Delete the contents of the database directory.
By default, the database directory is
Copy the backup file to the database location.
When you run the command, new sub-folders are created (where
you ran the command) with the
If you use the default path, the files are in the
For example, the following files are generated:
root@myhost:/var/lib/demisto/backup# tar -xzf daily_29_Jun_2021__0738.tar.gz
root@myhost:/var/lib/demisto/backup# cd var/lib/demisto/backup/daily_29_Jun_2021__0738
) Move the
file in the
If you backup manually, you do not need to move the
files, as the required
already in the
The following directories need to be restored manually: