Due to NERC requirements we are being asked to validate our SIEM backups. Is there a way to validate that we have good backups other than doing an actual restore?
I can view the backup.txt files in the ESMbackups folders to see that the jobs did complete successfully.
You would need to actually restore the backup files to a SIEM of the same version that the backup files were created in.
Just in case, here are the SIEM best practices, including backups of course:
This article shows you how to validate the backups
How to restore a backup to the SIEM ESM Technical Articles ID: KB80025