Restore a Partition for a Tenant - Multi-Tenant Guide - 6.8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Product: Cortex XSOAR
Version: 6.8
Creation date: 2022-09-29
Last date published: 2023-07-02
End_of_Life: EoL
Category: Multi-Tenant Guide

Cortex XSOAR automatically backs up the database. In some cases, you might need to restore one or more partitions without restoring the entire database.

Note

As of Cortex XSOAR version 6.1, any XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up or restore the contents of your Elasticsearch database, follow the instructions in the Elasticsearch documentation.

  1. Log out all users from Cortex XSOAR.

  2. Stop the tenant process.

    Go to Settings > Account Management > Accounts, select the tenant account, and click Stop.

  3. Back up the index directory. The default directory is /var/lib/demisto/tenants/acc_{TENANT_NAME}/data/demistoidx.

    tar -czvf filename.tar.gz /var/lib/demisto/tenants/acc_{TENANT_NAME}/data/demistoidx

  4. Delete the contents of the index folder.

  5. Move the demisto_XXXXX.db files to the partitionsData folder.

  6. Set permissions.

    sudo chown -R demisto:demisto /var/lib/demisto/tenants/acc_{TENANT_NAME}/data

  7. Restart the tenant process and log in to Cortex XSOAR.

    Go to Settings > Account Management > Accounts, select the tenant account, and click Start. The entire database will be reindexed and the process might take time to complete.
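
Steps 3 through 6 can be wrapped in one shell function that refuses to delete the index until a readable backup archive exists. This is an added example, not part of the original guide or Palo Alto Networks code; it assumes the partitionsData folder sits in the tenant's data directory, and the function name, the `src_dir` argument, and the `XSOAR_BASE` and `XSOAR_OWNER` overrides are hypothetical.

```sh
#!/bin/sh
# Added example, not Palo Alto Networks code. Covers steps 3-6 for one tenant.
# Assumptions: partitionsData sits in the tenant's data directory; src_dir is
# wherever your demisto_XXXXX.db files were restored to; XSOAR_BASE and
# XSOAR_OWNER are hypothetical overrides for rehearsing on a scratch tree.
# Run as root after steps 1-2:
#   restore_tenant_partitions TENANT_NAME /path/to/db/files /root/demistoidx.tar.gz

restore_tenant_partitions() {
    tenant=$1 src_dir=$2 archive=$3
    # Reject empty or path-like names so the delete cannot leave the tenant tree.
    case $tenant in
        ''|*/*|*..*) echo "invalid tenant name" >&2; return 2 ;;
    esac
    data="${XSOAR_BASE:-/var/lib/demisto/tenants}/acc_$tenant/data"
    idx="$data/demistoidx"
    parts="$data/partitionsData"

    # Check everything the later steps need before touching the index.
    [ -d "$idx" ] && [ -d "$parts" ] || { echo "missing $idx or $parts" >&2; return 3; }
    ls "$src_dir"/demisto_*.db >/dev/null 2>&1 ||
        { echo "no demisto_*.db files in $src_dir" >&2; return 4; }
    [ ! -e "$archive" ] || { echo "refusing to overwrite $archive" >&2; return 5; }

    # Step 3: back up the index, then prove the archive is readable.
    tar -czf "$archive" "$idx" && tar -tzf "$archive" >/dev/null ||
        { echo "backup failed, index left untouched" >&2; return 6; }

    # Step 4: delete the contents of the index folder, keeping the folder.
    find "$idx" -mindepth 1 -delete || return 7

    # Step 5: move the partition files into place.
    mv "$src_dir"/demisto_*.db "$parts"/ || return 8

    # Step 6: set ownership (the page uses demisto:demisto).
    chown -R "${XSOAR_OWNER:-demisto:demisto}" "$data" || return 9
}
```

A non-zero return before step 4 means the index was not modified, so the tenant can be started again unchanged.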