With Cortex XSOAR, you can perform both automated and manual backups, which store the entire database of incidents, playbooks, scripts, and user defined configurations. Cortex XSOAR stores daily, weekly, and monthly backup files. As of Cortex XSOAR version 6.1, any XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up the contents of your Elasticsearch database, follow the instructions in the Elasticsearch documentation.
You can define whether you want Cortex XSOAR to create automatic backups, and the location to store the backups. The default directory for tenant database backup files is
/var/lib/demisto/tenants/acc_. In addition to automated backups, manual backups are recommended before doing server operations and maintenance work. We also recommend you set up backups for additional Cortex XSOAR folders listed in Step 3, scheduled for off-peak hours, using your standard backup tools.
Create a manual backup, before server operations or maintenance work.
Stop the tenant process.
Go to Stop.→ → , select the tenant account, and click
Create the backup file. The default data directory for a specific tenant is
tar -czvf archive.tar.gz /var/lib/demisto/tenants/acc_
The backup of the database directory should not be stored under
Configure automated database backups.
Select→ → .
Check that Automated Backups are enabled.
Backups Directory - option to change where backups are stored.
Backup Time - option to change the scheduled time for daily backups.
Define the maximum number of daily, weekly, and monthly backups to store.
Backup additional directories.
The following directories must be backed up manually: