Cortex XSOAR automatically backs up the database. If the database becomes corrupted or you need to revert to an earlier version of your data, you can restore a database backup.
Note
Any XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up or restore the contents of your Elasticsearch database, follow the instructions in the Elasticsearch documentation.
Log out all users from Cortex XSOAR.
Stop the tenant process.
Go to Stop.
→ → , select the tenant account, and clickDelete the contents of the database directory.
The default data directory for a specific tenant is
/var/lib/demisto/tenants/acc_
.{TENANT_NAME}
/dataCopy the backup file to the database location.
Extract the
.gzip
backup file usingtar -xzf
.<file-name>
Move the
demisto_XXXXX.db
files to thepartitionsData
folder. Keep thedemisto.db
file in the/data
parent folder.The following directories need to be restored manually:
/var/lib/demisto/tenants/acc_
{TENANT_NAME}
/artifacts/var/lib/demisto/tenants/acc_
{TENANT_NAME}
/attachments/var/lib/demisto/tenants/acc_
{TENANT_NAME}
/images/var/lib/demisto/tenants/acc_
{TENANT_NAME}
/d2_server.key/var/lib/demisto/tenants/acc_
{TENANT_NAME}
/tools/var/lib/demisto/tenants/acc_
{TENANT_NAME}
/versionControlRepo/usr/local/demisto
/etc/demisto.conf
Restart the tenant process and log in to Cortex XSOAR.
Go to Start.
→ → , select the tenant account, and click