cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
davidp64
Level 9
Report Inappropriate Content
Message 1 of 7
‎08-24-2017 06:26 AM

SIEM Backup

Hi frnds,

Can anyone have some idea on backup process.what is the difference between them.what data are covered in backup and full backup..

Please share your suggestions.

0 Kudos
Reply
6 Replies
Highlighted
sssyyy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 7
‎08-24-2017 03:47 PM

Re: SIEM Backup

Backup Now > ESM Configurations and Settings only, no Data

Full Backup Now > Everything

Reply
Highlighted
davidp64
Level 9
Report Inappropriate Content
Message 3 of 7
‎08-26-2017 12:29 AM

Re: SIEM Backup

is custom watch list, custom alarms,custom correlation rule,data sources is covered in backup now process..

0 Kudos
Reply
Highlighted
sssyyy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 7
‎08-26-2017 08:09 PM

Re: SIEM Backup

I doubt watchlists, alarms and correlation rules are part of the config backup. That's because McAfee recommend to back those up before the upgrade to 10.x in their release note.

Data sources maybe, but I haven't checked. As a precaution, you should periodically export data source settings, in case ERC experiences hardware issue and require re-image or RMA.

Reply
Highlighted
kmc
Level 12
Report Inappropriate Content
Message 5 of 7
‎08-29-2017 03:00 AM

Re: SIEM Backup

A standard backup saves all configuration settings, including those for policy, as well as SSH, Network, and SNMP files where as full backup includes device settings (above specified) and the system data.

one thing you need keep in mind that once you initiate full backup SIEM will go offline and it's available only after the completion of the full backup

0 Kudos
Reply
Highlighted
davidp64
Level 9
Report Inappropriate Content
Message 6 of 7
‎09-03-2017 02:35 AM

Re: SIEM Backup

Kmc, Thanks for providing information, but my ask still not full fill that as there is two options for backup 1. Backup Now 2. Full backup now.

So i need to clear it out what thing are covered in 1.Backup Now option as i know that in full backup it will take a back of all.

Please help me to understand this.

0 Kudos
Reply
Highlighted
kmc
Level 12
Report Inappropriate Content
Message 7 of 7
‎09-04-2017 01:18 AM

Re: SIEM Backup

Hi

Normal backup will Backup ESM settings(specified above) and events(if only selected), flows (if only selected), and logs (if only selected)

To be clear:Collects all users, reports, dashboards, Receiver data sources, templates, alarms, filters, watchlists, and user created content.

Where as Full Backup will backup: ESM settings, Events Data, flow Data, Event Log data and settings of the ESM, ERC, DEM, ADM, and ACE devices if configured.

Reference: McAfee Corporate KB - When to use a Full System backup, a Settings Only backup, and an Incremental b...

Note: If you are doing full backup you should store it in remote.

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC