In Cortex XSOAR, you can perform both automated and manual backups, which store the entire database of incidents, playbooks, scripts, and user defined configurations. Cortex XSOAR stores daily, weekly, and monthly backup files.
Any Cortex XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up the contents of your Elasticsearch database, follow the instructions for Disaster Recovery for Elasticsearch.
You can define whether you want Cortex XSOAR to create automatic backups, and the location to store the backups. The database backup files are located in
If you do not want to automatically backup your data, manual backups are recommended before doing server operations and maintenance work. When you want to migrate your whole database to another server, set up backups for additional Cortex XSOAR folders listed in step 3, using your standard backup tools, scheduled for off-peak hours.
Configure automated database backups.
Select→ → .
Check that Automated Backups are enabled.
Backups Directory - option to change where backups are stored.
Backup Time - option to change the scheduled time for daily backups.
Define the maximum number of daily, weekly, and monthly backups to store.
If you do not automatically back up your server, create a manual backup (before server operations or maintenance work).
Stop the service by running the following command.
sudo service demisto stop
Create the backup file by running the following.
tar -czf archive.tar.gz `find . -type f -name "demisto*db"`
Only demisto*db files are stored (same as automated backup). The default directory for the database is
The backup of the database directory should not be stored under
Back up additional directories.
The following directories must be backed up manually, when you want to migrate your whole database to another server: