hon
Level 9
Message 1 of 3

siem back up vs full backup

dear whom,

Can anyone help me with backup vs full backup on ESM? What is the difference between these things? Can I just use backup for recovery? There is also an option Event and Event Log. What should I select?

2 Replies
xded
Level 12
Message 2 of 3

Re: siem back up vs full backup

Hi,

If you select "Backup Now", you save a copy of the ESM Settings and you can restore these settings.

If you select "Full Backup Now", you save a copy of the ESM settings and a full backup of Events, Flows and Event Logs, and you can restore this backup.

If you select a Backup frequency, you will back up what you select: Events, Flows and/or Event Logs, and the Settings of the ESM. So if you select nothing, you will back up only the Settings of the ESM. If you select Events and Event Logs, you will back up the Settings, Events and Event Logs.

rth67
Level 12
Message 3 of 3

Re: siem back up vs full backup

A regular Backup of the ESM simply backs up all of the Settings (this includes custom Displays, Views, Policies, Alarms, Reports, Device Configurations [Receivers, APM, DSM, ELM, ePO, etc.], Assets, etc.). This does not include any Event Data or Flows.

A Full Backup will include all of the above and all of your Event Data and Flows.

A Scheduled Backup will perform a Regular Backup plus any data you select (Events, Flows, Event Logs) to either the ESM or to a Remote Location using either CIFS or NFS Shares.

Enabling Redundancy with another ESM will Sync the Primary ESM and all of its settings and Data to a Redundant ESM; you can have up to 5 Redundant ESMs.

Note - a Redundant ESM is not a Fault Tolerant ESM, it is a Disaster Recovery ESM.

However, in version 9.6.x they have enabled functionality to offload some functionality from the Primary ESM to a Redundant ESM, to take advantage of the customer's investment dollars sitting wasted waiting for a Disaster. Some Searches are now offloaded to a Redundant ESM for processing, with the Results being Returned to the user that is logged in to the Primary.
