Back up the Database

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.5
Creation date: 2022-09-28
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide

Abstract

Perform manual and automatic backups of the Cortex XSOAR database. Configure automated backup options and schedule backups.

In Cortex XSOAR, you can perform both automated and manual backups, which store the entire database of incidents, playbooks, scripts, and user-defined configurations. Cortex XSOAR stores daily, weekly, and monthly backup files.

Note

As of Cortex XSOAR v6.1, any Cortex XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up the contents of your Elasticsearch database, follow the instructions for Disaster Recovery for Elasticsearch.

You can define whether you want Cortex XSOAR to create automatic backups, and the location to store the backups. The database backup files are located in /var/lib/demisto/backup.

If you do not want to back up your data automatically, manual backups are recommended before doing server operations and maintenance work. When you want to migrate your whole database to another server, also set up backups for the additional Cortex XSOAR folders listed in Step 3, using your standard backup tools, scheduled for off-peak hours.

  1. Configure automated database backups.

    1. Select Settings > ADVANCED > Backups.

    2. Check that Automated Backups are enabled.

    3. Backups Directory - option to change where backups are stored.

    4. Backup Time - option to change the scheduled time for daily backups.

    5. Define the maximum number of daily, weekly, and monthly backups to store.

  2. If you do not automatically back up your server, create a manual backup (before server operations or maintenance work).

    1. Stop the service by running the following command.

      sudo service demisto stop

    2. Create the backup file by running the following command.

      tar -czvf archive.tar.gz /var/lib/demisto/data

      The default directory for the database is /var/lib/demisto/data.

      The backup of the database directory should not be stored under /var/lib/demisto.

  3. Back up additional directories.

    The following directories must be backed up manually when you want to migrate your whole database to another server:

    • /var/lib/demisto/artifacts

    • /var/lib/demisto/attachments

    • /var/lib/demisto/images

    • /var/lib/demisto/d2_server.key

    • /var/lib/demisto/tools

    • /var/lib/demisto/versionControlRepo

    • /usr/local/demisto

    • /etc/demisto.conf
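
The manual procedure in steps 2 and 3 as one script, added here as an example and not taken from the Cortex XSOAR documentation. `BACKUP_DEST`, `XSOAR_ROOT`, the function names and the `service demisto start` restart are assumptions; the destination must already exist, is rejected if it resolves under /var/lib/demisto, and the archive is written owner-only because it includes d2_server.key and demisto.conf.

```shell
#!/bin/sh
# Added example: manual backup of the paths named on this page. XSOAR_ROOT,
# BACKUP_DEST and all function names are assumptions, not product settings.
XSOAR_ROOT="${XSOAR_ROOT:-}"                      # empty = real filesystem; set to a sandbox for dry runs
BACKUP_DEST="${BACKUP_DEST:-/mnt/backup/xsoar}"   # hypothetical existing directory off the XSOAR volume

# Database directory (step 2) plus the additional paths listed in step 3.
backup_paths() {
  printf '%s\n' var/lib/demisto/data var/lib/demisto/artifacts \
    var/lib/demisto/attachments var/lib/demisto/images \
    var/lib/demisto/d2_server.key var/lib/demisto/tools \
    var/lib/demisto/versionControlRepo usr/local/demisto etc/demisto.conf
}

# Print the resolved destination; fail if it is missing or under /var/lib/demisto.
resolve_dest() {
  d=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no such directory: $1" >&2; return 1; }
  lib=$(cd "$XSOAR_ROOT/var/lib/demisto" 2>/dev/null && pwd -P) || lib="$XSOAR_ROOT/var/lib/demisto"
  case "$d/" in
    "$lib"/*) echo "refusing: $d is under $lib" >&2; return 1 ;;
  esac
  printf '%s\n' "$d"
}

# Archive every listed path that exists, write a SHA-256 file, print the archive path.
create_archive() {
  dest=$(resolve_dest "$1") || return 1
  set --
  for p in $(backup_paths); do
    if [ -e "$XSOAR_ROOT/$p" ]; then set -- "$@" "$p"; fi
  done
  [ "$#" -gt 0 ] || { echo "nothing to back up" >&2; return 1; }
  name="xsoar-$(date +%Y%m%d-%H%M%S).tar.gz"
  ( umask 077   # the archive holds d2_server.key and demisto.conf: owner-only
    tar -czf "$dest/$name" -C "${XSOAR_ROOT:-/}" "$@" &&
    cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
  printf '%s\n' "$dest/$name"
}

# Stop the service as in step 2, archive, and start it again on any exit.
run_backup() {
  sudo service demisto stop || return 1
  trap 'sudo service demisto start' EXIT   # assumed counterpart of the stop command
  create_archive "$BACKUP_DEST"
}

if [ "${1:-}" = "--run" ]; then run_backup; fi
```

Invoke it as root with `--run` so tar can read the data directory; without the flag it only defines the functions.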