Restore the database from a manual or automated backup in Cortex XSOAR.
Cortex XSOAR automatically backs up the database. If the database becomes corrupted or you need to revert to an earlier version of your data, you can restore a database backup.
Note
Any Cortex XSOAR service that uses the Elasticsearch database does not run automatic backups. To back up or restore the contents of your Elasticsearch database, follow the instructions for Disaster Recovery for Elasticsearch.
Log out all users from Cortex XSOAR.
Stop the service.
    sudo service demisto stop
Delete the contents of the database directory.
By default, the database directory is /var/lib/demisto/data.
Copy the backup file to the database location.
Extract the .gzip backup file using tar -xzf <file-name>.
When you run the command, new sub-folders are created (where you ran the command) with the db files inside. If you use the default path, the files are in the var folder. For example, the following files are generated:
    root@myhost:/var/lib/demisto/backup# tar -xzf daily_29_Jun_2021__0738.tar.gz
    root@myhost:/var/lib/demisto/backup# cd var/lib/demisto/backup/daily_29_Jun_2021__0738
    root@myhost:/var/lib/demisto/backup/var/lib/demisto/backup/daily_29_Jun_2021__0738# ls
    demisto.db demisto_062021.db
Automatic Backup
Move the demisto_XXXXX.db files to the partitionsData folder.
Keep the demisto.db file in the /data parent folder.
Manual Backup
You do not need to move the files, as the required _XXXXX.db files are already in the partitionsData folder.
The following directories need to be restored manually:
    /var/lib/demisto/artifacts
    /var/lib/demisto/attachments
    /var/lib/demisto/images
    /var/lib/demisto/d2_server.key
    /var/lib/demisto/tools
    /var/lib/demisto/versionControlRepo
    /usr/local/demisto/etc/demisto.conf
Restart the server and log in to Cortex XSOAR.
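The file placement for an automatic backup, written as a script. This is an added example, not part of the Cortex XSOAR documentation: the helper name restore_auto_backup and its two arguments are hypothetical, and it assumes partitionsData sits directly under the data directory. It validates the archive before deleting anything, so a bad backup file leaves the current database untouched.

```shell
#!/bin/sh
# Added example: place the files of an automatic backup archive.
# Run only while the service is stopped (sudo service demisto stop).
# restore_auto_backup is a hypothetical helper name, not a Cortex XSOAR tool.
# Usage: restore_auto_backup <backup.tar.gz> <data-dir>
restore_auto_backup() {
    archive=$1
    data_dir=$2

    # Refuse bad arguments so the wipe below can never run against an
    # empty, missing or root path.
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 1; }
    [ -d "$data_dir" ] || { echo "no such data dir: $data_dir" >&2; return 1; }
    case $data_dir in /|.|..) echo "refusing: $data_dir" >&2; return 1;; esac

    # Extract into a private scratch directory, not next to live data.
    work=$(mktemp -d) || return 1
    if ! tar -xzf "$archive" -C "$work"; then
        rm -rf "$work"; return 1
    fi

    # tar recreates the archived path (var/lib/demisto/backup/<name>/),
    # so search for the main database instead of assuming a depth.
    main_db=$(find "$work" -type f -name demisto.db | head -n 1)
    if [ -z "$main_db" ]; then
        echo "demisto.db not found in archive" >&2
        rm -rf "$work"; return 1
    fi
    src=$(dirname "$main_db")

    # Delete the current contents only after the backup has been validated.
    find "$data_dir" -mindepth 1 -delete

    # demisto.db stays in the data directory; demisto_XXXXX.db partition
    # files go to partitionsData (assumed to sit directly under it).
    mkdir -p "$data_dir/partitionsData"
    cp -p "$main_db" "$data_dir/demisto.db"
    for f in "$src"/demisto_*.db; do
        [ -e "$f" ] || continue
        cp -p "$f" "$data_dir/partitionsData/"
    done
    rm -rf "$work"
}
```

For the default layout the call would be restore_auto_backup with the backup file and /var/lib/demisto/data as arguments, followed by restarting the server.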