Back up the Database - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Perform manual and automatic backups of the Cortex XSOAR database. Configure automated backup options. Schedule backups.

In Cortex XSOAR, you can perform both automated and manual backups, which store the entire database of incidents, playbooks, scripts, and user defined configurations. Cortex XSOAR stores daily, weekly, and monthly backup files.


Any Cortex XSOAR service that uses the Elasticsearch database no longer runs automatic backups. To back up the contents of your Elasticsearch database, follow the instructions for Disaster Recovery for Elasticsearch.

You can define whether you want Cortex XSOAR to create automatic backups, and the location to store the backups. The database backup files are located in /var/lib/demisto/backup.

If you do not want to automatically backup your data, manual backups are recommended before doing server operations and maintenance work. When you want to migrate your whole database to another server, set up backups for additional Cortex XSOAR folders listed in step 3, using your standard backup tools, scheduled for off-peak hours.

  1. Configure automated database backups.

    1. Select SettingsADVANCEDBackups.

    2. Check that Automated Backups are enabled.

    3. Backups Directory - option to change where backups are stored.

    4. Backup Time - option to change the scheduled time for daily backups.

    5. Define the maximum number of daily, weekly, and monthly backups to store.

  2. If you do not automatically back up your server, create a manual backup (before server operations or maintenance work).

    1. Stop the service by running the following command.

      sudo service demisto stop

    2. Create the backup file by running the following.

      cd /var/lib/demisto/data

      tar -czf archive.tar.gz `find . -type f -name "demisto*db"`

      Only demisto*db files are stored (same as automated backup). The default directory for the database is /var/lib/demisto/data.

      The backup of the database directory should not be stored under /var/lib/demisto.

  3. Back up additional directories.

    The following directories must be backed up manually, when you want to migrate your whole database to another server:

    • /var/lib/demisto/artifacts

    • /var/lib/demisto/attachments

    • /var/lib/demisto/images

    • /var/lib/demisto/d2_server.key

    • /var/lib/demisto/tools

    • /var/lib/demisto/versionControlRepo

    • /usr/local/demisto

    • /etc/demisto.conf