Restore a Partition - Administrator Guide - EoL - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide


Restore one or more specific partitions in Cortex XSOAR.

Cortex XSOAR automatically backs up the database. In some cases, you might need to restore one or more partitions without restoring the entire database.


As of Cortex XSOAR v6.1, any XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up or restore the contents of your Elasticsearch database, follow the instructions for Disaster Recovery for Elasticsearch.

  1. Log out all users from Cortex XSOAR.

  2. Stop the service.

    sudo service demisto stop

  3. Back up the index directory. The default directory is /var/lib/demisto/data/demistoidx.

    tar -czvf filename.tar.gz /var/lib/demisto/data/demistoidx

  4. Delete the contents of the index folder.

  5. Move the demisto_XXXXX.db files to the partitionsData folder.

  6. Set permissions.

    sudo chown -R demisto:demisto /var/lib/demisto/data

  7. Restart the server and log in to Cortex XSOAR.

    sudo service demisto start

    The entire database will be reindexed and the process might take time to complete.
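
Steps 3 to 5 are the destructive part of the procedure, so the following added example (not from the Cortex XSOAR guide) wraps them so that the index contents are deleted only after the backup archive has been verified. The function names are hypothetical, and every directory is passed as an argument because the guide gives only the default index path, not the partitionsData path or the location of the demisto_XXXXX.db files.

```shell
#!/bin/sh
# Added example, not from the Cortex XSOAR guide: steps 3-5 with checks.
# Run between "service demisto stop" and the chown/start steps. Function
# names are hypothetical; every directory is an argument (assumption).

# Step 3: archive the index directory, then confirm the archive is readable
# and lists as many entries as the directory holds.
backup_index() {
    idx_dir=$1 archive=$2
    [ -n "$idx_dir" ] && [ -d "$idx_dir" ] || { echo "no index dir" >&2; return 1; }
    tar -czf "$archive" -C "$(dirname "$idx_dir")" "$(basename "$idx_dir")" || return 1
    tar -tzf "$archive" >/dev/null || return 1
    want=$(find "$idx_dir" | wc -l)
    got=$(tar -tzf "$archive" | wc -l)
    [ "$((want))" -eq "$((got))" ] || { echo "archive incomplete" >&2; return 1; }
}

# Step 4: delete the contents of the index folder, keeping the folder itself.
clear_index() {
    idx_dir=$1
    [ -n "$idx_dir" ] && [ -d "$idx_dir" ] || return 1
    find "$idx_dir" -mindepth 1 -delete
}

# Step 5: move demisto_*.db partition files into the partitionsData folder.
stage_partitions() {
    src_dir=$1 parts_dir=$2 moved=0
    for f in "$src_dir"/demisto_*.db; do
        [ -f "$f" ] || continue
        mv -- "$f" "$parts_dir"/ || return 1
        moved=$((moved + 1))
    done
    [ "$moved" -gt 0 ] || { echo "no demisto_*.db files moved" >&2; return 1; }
}

# Steps 3-5 in order: preconditions first, and no delete without a verified backup.
restore_partitions() {
    idx_dir=$1 archive=$2 src_dir=$3 parts_dir=$4
    case $archive in "$idx_dir"/*) echo "archive is inside index dir" >&2; return 1 ;; esac
    [ -d "$parts_dir" ] && ls "$src_dir"/demisto_*.db >/dev/null 2>&1 ||
        { echo "missing partitionsData dir or .db files" >&2; return 1; }
    backup_index "$idx_dir" "$archive" || return 1
    clear_index "$idx_dir" || return 1
    stage_partitions "$src_dir" "$parts_dir"
}
```

If `restore_partitions` returns non-zero, the index directory has not been emptied unless the backup archive was already verified; continue with the permissions and start steps only after it returns 0.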