Back Up a Tenant - EoL - Multi-Tenant Guide - 6.11 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Cortex XSOAR
Creation date
Last date published
End of Life > EoL
Multi-Tenant Guide

Create a backup of a tenant account for a Cortex XSOAR multi-tenant deployment. Perform manual and automatic backups of the database.

With Cortex XSOAR, you can perform both automated and manual backups, which store the entire database of incidents, playbooks, scripts, and user defined configurations. Cortex XSOAR stores daily, weekly, and monthly backup files. As of Cortex XSOAR version 6.1, any XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up the contents of your Elasticsearch database, follow the instructions in the Elasticsearch documentation.

You can define whether you want Cortex XSOAR to create automatic backups, and the location to store the backups. The default directory for tenant database backup files is /var/lib/demisto/tenants/acc_{TENANT_NAME}/backup. In addition to automated backups, manual backups are recommended before doing server operations and maintenance work. We also recommend you set up backups for additional Cortex XSOAR folders listed in Step 3, scheduled for off-peak hours, using your standard backup tools.

  1. Create a manual backup, before server operations or maintenance work.

    1. Stop the tenant process.

      Go to SettingsACCOUNT MANAGEMENTAccounts, select the tenant account, and click Stop.

    2. Create the backup file. The default data directory for a specific tenant is /var/lib/demisto/tenants/acc_{TENANT_NAME}/data.

      tar -czvf archive.tar.gz /var/lib/demisto/tenants/acc_{TENANT_NAME}/data

      The backup of the database directory should not be stored under /var/lib/demisto/tenants/acc_{TENANT_NAME}.

  2. Configure automated database backups.

    1. Select SettingsADVANCEDBackups.

    2. Check that Automated Backups are enabled.

    3. Backups Directory - option to change where backups are stored.

    4. Backup Time - option to change the scheduled time for daily backups.

    5. Define the maximum number of daily, weekly, and monthly backups to store.

  3. Backup additional directories.

    The following directories must be backed up manually:

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/artifacts

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/attachments

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/images

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/d2_server.key

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/tools

    • /var/lib/demisto/tenants/acc_{TENANT_NAME}/versionControlRepo

    • /usr/local/demisto

    • /etc/demisto.conf