Cortex XSOAR automatically backs up the database. In some cases, you might need to restore one or more partitions, without needing to restore the entire database.
Any Cortex XSOAR service that uses the Elasticsearch database does not run automatic backups. To back up or restore the contents of your Elasticsearch database, follow the instructions for Disaster Recovery for Elasticsearch.
Log out all users from Cortex XSOAR.
Stop the service.
sudo service demisto stop
Back up the index directory. The default directory is
tar -czvf filename.tar.gz /var/lib/demisto/data/demistoidx
Delete the contents of the index folder.
demisto_XXXXX.db files to the partitionsData folder.
sudo chown -R demisto:demisto /var/lib/demisto/data
Restart the server and log in to Cortex XSOAR.
sudo service demisto start
The entire database will be reindexed and the process might take time to complete.
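The backup and delete steps above can be combined so that the index folder is emptied only after the archive has been verified. The following is an added example, not part of the Cortex XSOAR documentation; the function name and the archive location are assumptions, and it is meant to run with the service already stopped.

```shell
#!/bin/sh
# Added example, not from the Cortex XSOAR documentation.
# backup_then_clear_index INDEX_DIR ARCHIVE   (hypothetical helper name)
# Archives INDEX_DIR, checks that the archive lists as many entries as the
# directory holds, and only then deletes the directory's contents.
# Assumed usage, with the service stopped and run as root:
#   backup_then_clear_index /var/lib/demisto/data/demistoidx /root/demistoidx.tar.gz
backup_then_clear_index() {
    idx_dir=$1
    archive=$2

    [ -d "$idx_dir" ] || { echo "not a directory: $idx_dir" >&2; return 1; }
    # Never overwrite an earlier backup.
    [ ! -e "$archive" ] || { echo "archive exists: $archive" >&2; return 1; }
    # Simple prefix check: an archive stored inside the index folder
    # would be deleted together with the index.
    case $archive in
        "$idx_dir"/*) echo "archive must be outside $idx_dir" >&2; return 1 ;;
    esac

    # Archive relative to the parent directory so the tarball holds
    # "demistoidx/..." instead of absolute paths.
    parent=$(dirname "$idx_dir")
    name=$(basename "$idx_dir")
    tar -czf "$archive" -C "$parent" "$name" || { echo "tar failed" >&2; return 1; }

    # Count non-directory entries on disk and in the archive listing
    # (directories in a tar listing end with "/").
    on_disk=$(find "$idx_dir" ! -type d | wc -l)
    in_tar=$(tar -tzf "$archive" | grep -vc '/$' || true)
    if [ "$on_disk" -ne "$in_tar" ]; then
        echo "archive incomplete: $in_tar of $on_disk entries" >&2
        return 1
    fi

    # Archive verified: empty the index folder but keep the folder itself.
    find "$idx_dir" -mindepth 1 -delete
}
```

If any check fails, the function returns non-zero and leaves the index folder untouched.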