cancel
Showing results for 
Search instead for 
Did you mean: 

SIEM Backups

Due to NERC requirements we are being asked to validate our SIEM backups.  Is there a way to validate that we have good backups other than doing an actual restore?

I can view the backup.txt files in the ESMbackups folders to see that the jobs did complete successfully.

3 Replies

Re: SIEM Backups

You would need to actually restore the backup files to a SIEM of the same version that the backup files were created in.

akill
Level 9
Report Inappropriate Content
Message 3 of 4

Re: SIEM Backups

Just in case here the SIEM best practices including backups of course:

https://kc.mcafee.com/corporate/index?page=content&id=KB77553&actp=LIST

Re: SIEM Backups

This article shows you how to validate the backups

How to restore a backup to the SIEM ESM Technical Articles ID:  KB80025